Security

How we protect your data.

Authentication & Access Control

Your data is protected by Supabase Auth with Row-Level Security (RLS). Every database query is scoped to the authenticated user — your bot data, conversations, and settings can never leak to another account. We support email/password authentication, with magic link login coming soon.

Data Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Database connections use SSL. API keys are never exposed to the client — they're stored server-side and accessed only through secure environment variables.

AI & Data Privacy

Your chat messages are processed by OpenAI's API. OpenAI does not use customer API data for training. We only send the minimal context needed to generate responses: the user's question and relevant document chunks you've uploaded. Your knowledge base content is never shared with third parties beyond the AI provider.

Widget Security

The embeddable widget can be restricted to specific domains through domain allowlisting. Visitor conversations are isolated by a conversation ID stored in the browser's localStorage. Lead data is encrypted and accessible only to the bot owner.

Infrastructure

TalkPilot runs on Vercel's global edge network with automatic DDoS protection, CDN, and SSL termination. The database is hosted on Supabase with automated backups and point-in-time recovery.

Compliance & Certifications

Our infrastructure providers (Supabase, Vercel, OpenAI) maintain SOC 2 Type II certifications. We're working toward our own compliance certifications as the product matures.

Have a security question? Contact us