Security at ChatOrAI

We take the security of your business data and your customers' conversations seriously. Here's how we protect everything entrusted to us.

Encryption

  • All data in transit encrypted with TLS 1.3
  • Data at rest encrypted with AES-256
  • JWT tokens signed with HS256 and rotated regularly
  • API keys stored encrypted, never logged

Infrastructure

  • Hosted on Railway with isolated containers
  • CDN and DDoS protection via Cloudflare
  • Automatic backups every 24 hours
  • Zero-downtime deployments

Access Control

  • Role-based access control (RBAC) across all accounts
  • Each client's data is tenant-isolated
  • Admin access requires MFA
  • All access events are logged and auditable

Compliance

  • GDPR-aligned data handling practices
  • Data Processing Agreements available on request
  • Meta platform policies strictly followed
  • Regular internal security reviews

Testing & Monitoring

  • Continuous monitoring for anomalies and threats
  • Automated vulnerability scanning in CI/CD pipeline
  • Incident response plan with <2h SLA
  • Security patches applied within 24 hours of disclosure

Transparency

  • Public status page at chatorai.com/status
  • Incident postmortems published within 48 hours
  • Security changelog maintained
  • Responsible disclosure program active

Responsible Disclosure

Found a security vulnerability? We appreciate responsible disclosure. Please email us at security@chatorai.com with a description of the issue.

We commit to:

  • Acknowledging your report within 24 hours
  • Providing a timeline for a fix within 72 hours
  • Not pursuing legal action against good-faith researchers

For security concerns or questions, contact us at security@chatorai.com. For general privacy questions, see our Privacy Policy.