
Trust Center

Your data, secured at every layer

Conversations are sensitive. We protect them with audited controls, strong encryption, and a team that treats security like product.

Certifications & Frameworks

Audited, compliant, accountable

We align with the frameworks that matter for B2B and MENA-regulated businesses.

SOC 2 Type II

Annually audited

GDPR

EU data protection

ISO 27001

In progress

HIPAA-ready

BAA on request

KSA PDPL

Saudi data law

Need documentation for procurement?

SOC 2 report, security questionnaires, and DPAs available under NDA.

How we protect you

Security, end to end

Encryption

  • ✓ TLS 1.3 in transit
  • ✓ AES-256 at rest
  • ✓ Per-tenant key isolation
  • ✓ Encrypted backups

Access control

  • ✓ SSO (SAML, Google)
  • ✓ 2FA required for admins
  • ✓ Role-based permissions
  • ✓ Audit logs for every action

Monitoring

  • ✓ 24/7 threat detection
  • ✓ Anomaly alerts
  • ✓ Quarterly pentests
  • ✓ Bug bounty program

Resilience

  • ✓ 99.9% uptime SLA (Pro+)
  • ✓ Multi-region backups
  • ✓ 15-minute RPO
  • ✓ Tested DR playbook

Data residency

Your data stays in your region

Choose where your customer conversations are stored. We operate in four regions, each isolated and locally redundant.

🇸🇦 Middle East

Riyadh, Bahrain

🇪🇺 Europe

Frankfurt, Dublin

🇺🇸 North America

Virginia, Oregon

🇸🇬 Asia Pacific

Singapore, Tokyo

No cross-region transfer

Conversations stored in MENA never leave MENA.

Enterprise-grade DPAs

Standard contractual clauses, GDPR and PDPL-aligned.

Self-service export & deletion

Download or permanently delete data in one click.

Subprocessors

Who we trust with your data

A full, auditable list of third parties involved in operating the service.

| Vendor | Purpose | Data location | Certs |
|---|---|---|---|
| Amazon Web Services | Primary infrastructure, databases, object storage | Customer-chosen | SOC 2, ISO 27001 |
| Cloudflare | CDN, WAF, DDoS protection | Global edge | SOC 2, ISO 27001 |
| Meta / WhatsApp | WhatsApp Business API delivery | Meta regions | SOC 2 |
| Stripe | Payment processing | US / EU | PCI DSS L1 |
| Twilio | SMS fallback & OTP delivery | US / EU | SOC 2, ISO 27001 |
| OpenAI | AI features (opt-in per workspace) | US | SOC 2 |
| Sentry | Error monitoring (metadata only) | EU | SOC 2 |

Updated April 2026.

Found a vulnerability?

Report it responsibly to security@airochat.com. We acknowledge within 24 hours, triage within 72, and reward qualifying reports through our bug bounty.

< 24h

Initial acknowledgement

< 72h

Triage & severity

$10k+

Top bounty tier

FAQ

Common security questions

Do you train AI models on our customer conversations?
No. Your conversations are never used to train Airochat models or any third-party model. AI features that use OpenAI are opt-in per workspace, and requests are sent with a zero-retention flag.
Who has access to our data internally?
Only a small number of engineers with need-to-know access. Every access is logged, time-boxed, and requires a ticket. Production access requires 2FA and a break-glass review.
Can I sign a DPA?
Yes. Our standard DPA covers GDPR, KSA PDPL, and standard contractual clauses. For regulated industries we can sign a custom BAA (HIPAA) or sector-specific addenda.
How quickly is data deleted when I cancel?
Active data is deleted within 30 days of cancellation. Encrypted backups are purged within 90 days. You can also trigger immediate deletion at any time from your workspace settings.
Do you support SSO?
Yes — SAML 2.0 (Okta, Azure AD, Google Workspace) and OIDC on Business and Enterprise plans. SCIM user provisioning is available on Enterprise.
How do you handle incident response?
We maintain a 24/7 on-call rotation and a documented incident response playbook. Customers are notified of security-relevant incidents within 72 hours, with RCA published within 14 days.
Can I see your current uptime and history?
Yes — status.airochat.com shows real-time component status and historical incidents going back 90 days.

Security questions?
We're one email away.

Talk to our security team directly — no forms, no gatekeeping.