Security

Our customers' trust and data security are core and critical to what we do at Chewbotta.

Who we are

Chewbotta is a platform and service operated and provided by SaaSync, LLC ("SaaSync"), a limited liability company organized under the laws of the State of Wyoming, United States.

Overview

Chewbotta was built from the ground up with data security at the forefront of our architecture, so much so that Chewbotta greatly limits the storage of your customer data on our servers. Our mission is to get your customer data in a secure manner from your source systems to the chat user interface, while storing as little data as possible.

We understand the importance of safeguarding your data, thus we have implemented controls and best practices to provide the highest standard of security for our users and customers. Below are some of those mechanisms.

Data storage

For performance reasons and to reduce API rate limit exceptions, we store your customer-level data in a secured database for powering chat responses. That data might also be included in Messages ("Message") such as dashboard alerts (Chewy Thoughts), conversations, or third-party platforms you've chosen to integrate, such as Slack. If a customer is deleted from your source system, it is also deleted from our databases; however, if the customer's data was referenced in a Message, that data might remain until the Messages are also deleted from Chewbotta or the third-party platforms. Upon deletion of a data source, all customer data associated with the source is removed immediately, again with the exception of possible references in Messages in Chewbotta or third-party platforms. Upon deletion of the Chewbotta account, all data is removed, including data sources and Messages in Chewbotta; note, however, that data sent to third-party platforms is not deleted.

We also may log error responses from the source systems for up to 30 days and log an audit trail of actions performed for up to 60 days. For systems that enable webhooks, we retain a history of webhooks received for 30 days.

Data privacy

Your data is your property and will never be sold to third parties.

  • GDPR compliant: SaaSync, Chewbotta, and all our third-party providers are compliant with the EU’s General Data Protection Regulation. Our Data Processing Addendum is available for your review.
  • Credit cards: Chewbotta does not process or store any credit card details belonging to you or your customers. Your card details are never transmitted through or stored on our infrastructure. All credit card payments made to Chewbotta go through our partner, Stripe. Details about their security setup and PCI compliance can be found at Stripe’s security page.
  • Passwords: Your password is encrypted and never stored in our database in a readable/unencrypted format. You are responsible for choosing a strong password and keeping it secret. We enforce a password complexity standard, and credentials are stored using a password-based key derivation function (bcrypt). Two-factor authentication is available to all Chewbotta users, and we strongly recommend enabling it on your account for an additional layer of security.

Product & Network security

  • Password and Credential Storage: Chewbotta enforces a password complexity standard, and account credentials are stored using a password-based key derivation function (bcrypt). Integration API credentials are stored encrypted with the Advanced Encryption Standard (AES).
  • 2FA: Chewbotta makes two-factor authentication available to all users, and we strongly recommend enabling it on your account for additional security. To use this feature, you must authenticate to your account with a username and password. For users authenticating via Google One Tap, 2FA should be enabled via your Google account (myaccount.google.com).
  • Uptime: We have uptime of 99.9% or higher. You can check our recent statistics at our Status Page.
  • Monitoring: We monitor application, software, and infrastructure behavior through industry-established services that are highly reliable and compliant.
  • Data hosting and storage: Chewbotta services and data are hosted in Amazon Web Services (AWS) facilities in the USA.
  • Fault tolerance: Chewbotta provides multiple failover instances to prevent outages due to single points of failure.
  • Encryption: Data sessions are always protected with TLS protocols and 2,048-bit keys. We also encrypt sensitive data at rest using an industry-standard AES-256 encryption algorithm.
  • Virtual Private Cloud: All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from reaching our internal network.
  • Incident policy: Incidents are handled through a defined and documented process. We run post-mortems and all employees are informed of our policies.

Data centers and network

Our data center provider, AWS, maintains ISO 27001, SOC 2, and GDPR compliance, along with numerous other certifications and standards.