Enterprise-Grade Security
Security & Trust
TheSkinnyAI is built with security at its core. We understand that you're trusting us with your website visitors and lead data — we take that responsibility seriously.
Infrastructure Security
Encryption
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). API communications use HTTPS exclusively.
Cloud Infrastructure
Hosted on enterprise-grade cloud infrastructure with automatic failover, DDoS protection, and 99.9% uptime SLA.
Data Isolation
Each customer's data is logically isolated. Row-level security ensures your data is never accessible to other tenants.
Access Control
Role-based access control, secure API key management, and session-based authentication protect your account.
AI & Data Handling
- Your data stays yours: We do not use your website content or conversation data to train AI models for other customers.
- Minimal data collection: We only collect data necessary to provide the service — no hidden tracking or third-party data sales.
- Conversation controls: End users can clear their conversation history at any time. Site owners can disable conversation persistence entirely.
- AI model providers: We use enterprise-grade AI providers with data processing agreements that protect your information.
Compliance & Standards
| Standard | Status | Details |
| --- | --- | --- |
| GDPR | Compliant | EU data subject rights supported, data processing agreements available |
| CCPA | Compliant | California consumer privacy rights supported |
| Data Residency | US-based | Primary data storage in US data centers |
| SOC 2 Type II | Planned | On roadmap for enterprise customers |
| HIPAA | BAA Available | Business Associate Agreements available for healthcare customers |
Payment Security
- PCI DSS Compliant: All payment processing handled by Stripe, a PCI Level 1 certified provider.
- No card storage: We never store, process, or have access to your full credit card numbers.
- Secure billing portal: Manage subscriptions through Stripe's secure customer portal.
Operational Security
- Monitoring: 24/7 infrastructure monitoring with automated alerting for anomalies.
- Backups: Automated daily backups with point-in-time recovery capability.
- Incident response: Documented incident response procedures with customer notification protocols.
- Vendor security: All third-party vendors are vetted for security practices and data handling.
For Enterprise Customers
Need additional security documentation or have specific compliance requirements? We offer:
- Security questionnaire responses
- Custom data processing agreements (DPA)
- Business Associate Agreements (BAA) for healthcare
- Dedicated security review calls
Contact Us for Enterprise Security
Report a Security Issue
If you discover a security vulnerability, please report it responsibly to security@theskinnyai.com. We appreciate security researchers who help keep TheSkinnyAI safe.