Enterprise-Grade Security & Compliance

At CustomerGPT, trust is our primary priority. We build and maintain advanced security controls to protect your documents, customer logs, and AI widgets with complete transparency.


SOC 2 Type II

Certified Security

Independent third-party audits verify our strict operations across security, availability, and confidentiality.


GDPR Compliant

EU Data Protection

We adhere strictly to the General Data Protection Regulation. Data Processing Agreements (DPA) are available.


HIPAA Compliant

Healthcare Privacy

Fully assessed against HIPAA security standards. Business Associate Agreements (BAA) available on Enterprise.

How We Protect Your Assets

We engineer safety directly into the platform core architecture. Rest easy knowing that your integrations and data sources are fully shielded.

Zero Training

No AI Model Training

We explicitly contract with model providers (like OpenAI) to ensure your custom data, links, documents, and active user dialogues are NEVER used to train, retrain, or fine-tune public LLM models.

AES-256 & TLS 1.3

End-to-End Encryption

All client data is encrypted at rest with military-grade AES-256 inside our PostgreSQL storage systems, and encrypted in transit over TLS 1.3.

Strict Isolation

Isolated Tenant Sandboxing

Each SaaS operator account runs in a strictly isolated logical sandbox environment. Users cannot access adjacent client databases, trained embeddings, or conversation indexes.

100% Owner

Full Data Ownership

You retain 100% legal ownership of all training sources, documents, and chat records. You can download complete data dumps or trigger permanent hard-deletion of your account data instantly.

Granular RBAC

Advanced Access Controls

Exert absolute control over operator panels using role-based access configurations. Lock down customizer panels, data source files, and analytics views to designated team members.

24/7 Security

Continuous Threat Audits

We execute daily vulnerability scans, automatic edge dependency audits, and continuous network penetration tests to block injection vectors and malicious script executions.

Frequently Asked Questions

Get answers to standard security and data handling questions.

Absolutely. When you upload documentation or crawl site links, we process the texts and immediately translate them into vector embeddings. The raw text and embeddings are stored inside our secure, isolated database instances using advanced row-level security. We never expose your source texts or embeddings publicly, and they are fully encrypted both at rest and in transit.
No, they do not. CustomerGPT communicates with LLM models using enterprise API channels. Under standard API agreements, model providers (including OpenAI and Anthropic) are contractually prohibited from using API payloads for model training or fine-tuning. Your competitive edge and privacy remain 100% protected.
Our core PostgreSQL databases and application logic run on secure AWS cloud infrastructure situated in highly redundant US regions. Edge routing and middleware caches are distributed globally across secure CDN networks to guarantee latency figures under 15ms near your local region.
When you request the deletion of a data source, a chatbot, or your entire client account, our systems immediately initiate a hard-deletion. This permanently wipes out all associated vectors, document indexes, database records, and logs from our active clusters. Backups are completely cycled and overwritten within 30 days.
Yes, we offer standard Data Processing Agreements (DPA) fully compliant with GDPR requirements. For healthcare providers, we also sign Business Associate Agreements (BAA) to support HIPAA compliance. These options are readily available on our Growth, Scale, and Enterprise packages.

Procuring for an Enterprise?

Our dedicated security teams are ready to support your vendor evaluations, assist with SOC-2 request logs, or finalize custom DPA and BAA arrangements.

Contact Enterprise Security