Trust & Security
How we protect your data
What we do today, what's in flight, and who sees your visitors' messages. No marketing language — if a control isn't live yet we say so.
Last updated: 9 May 2026
Compliance status
GDPR
LiveEU/UK visitors have right of access, rectification, erasure, and portability. Data subject requests: legal@insitechat.ai. We act as data processor for your visitor data; you remain the controller.
India DPDP Act, 2023
LiveIndian customers can host data, billing, and chatbot inference within India. Notice + consent flows are configurable per chatbot. See our DPDP page for the full residency story.
SOC 2 Type II
In progressAudit window opening Q3 2026 with a top-100 auditor. Controls already implemented: access reviews, change management, encrypted backups, MFA enforcement, structured incident response. Type I report available on request once issued.
HIPAA
PlannedTargeted for healthcare-vertical customers. BAA template in legal review. PHI segregation patterns are already supported in the chatbot architecture; the certification gap is process + audit, not product.
ISO 27001
PlannedOn the multi-year roadmap. Most ISO controls overlap with SOC 2; we expect the second cert to be incremental once SOC 2 lands.
Encryption
- In transit: TLS 1.2+ everywhere. HSTS enforced. Cloudflare Universal SSL on every customer-facing endpoint.
- At rest: AES-256 disk encryption on Postgres + OCI Object Storage. Database backups are encrypted before leaving the host.
- Secrets: environment-variable-only, never committed. Rotation supported on demand.
Data handling
- Customer data lives in our Mumbai (ap-mumbai-1) Oracle Cloud region by default. No replication outside India unless you explicitly enable it.
- Visitor messages persist for the lifetime of the chatbot, scoped to the chatbot's conversations table. Owners can soft-delete individual conversations or hard-delete via the admin UI; deleted rows are cascade-removed within 24 hours.
- Source content (URLs, PDFs, files you upload) is chunked + embedded for RAG and re-fetched on demand. Originals are stored on OCI Object Storage with object-level ACLs.
- LLM inference goes to your configured provider (Gemini default; OpenAI/Anthropic/local Ollama via BYOK). Provider data-retention policies apply — we recommend reviewing your provider's settings if you handle regulated data.
Backups & recovery
- Postgres dumps run on every production deploy and at midnight UTC daily.
- Backups retained for 14 days, encrypted, off-host (separate OCI region).
- Recovery target: RPO 24h / RTO 4h for full database restore. Point-in-time recovery within the last 7 days via WAL archiving.
- Blue-green deploys keep the previous container color warm for instant rollback if a release degrades.
Access controls
- InsiteChat employees access prod only via SSH key + bastion host. MFA enforced on all admin surfaces.
- Customer data is never read by employees in the course of normal operations. Support access requires explicit customer approval per ticket and is logged in the admin audit trail.
- Within your account: chatbots are scoped per user. Multi-seat workspaces are on the roadmap for Q4 2026.
Subprocessors
Vendors who process customer data on our behalf. We update this list when a subprocessor is added or removed.
| Vendor | Purpose | Region |
|---|---|---|
| Oracle Cloud (OCI) | Production hosting, database, object storage | ap-mumbai-1 (India) |
| Cloudflare | CDN, DNS, DDoS protection, WAF | Global anycast |
| Google Gemini | LLM inference (default tier) | US (Vertex AI) |
| OpenAI | LLM inference (BYOK / opt-in) | US |
| Razorpay | Subscription billing for India customers | India |
| Stripe | Subscription billing for international customers | US / EU |
| PostHog | Product analytics (self-hosted EU instance) | EU |
| Resend | Transactional email (lead notifications, escalations) | US |
| HubSpot | Optional CRM sync — only for customers who enable it | US |
Incident response
- Every chat-stream exception persists with timestamp + truncated error string for post-hoc investigation.
- Customer-impacting incidents are surfaced in admin within minutes; SEV1 issues trigger an internal alert.
- Post-incident, owners receive a written summary within 5 business days describing root cause, scope, and remediation.
- Status page: coming with the Q3 2026 SOC 2 audit window. Subscribe to release notes via the blog RSS in the meantime.
Reporting a security issue
If you believe you've found a vulnerability, please email security@insitechat.ai. We respond within 48 hours and credit researchers in our changelog with their permission.
Do not exploit the issue in production, do not access other customers' data, and please give us reasonable time to respond before disclosing publicly.
Need our subprocessor list, DPA, or a vendor security questionnaire?
Contact our team