Security & GDPR
Enterprise-ready security. 8 independent protection layers. GDPR by design. Every action traceable.
8 security layers
Each layer protects independently — even if another fails.
Identity verification
On insecure channels, customers must verify their identity (e.g. by ZIP code) before seeing contract data. Maximum 2 attempts.
Data classification
General info (status, product) may be shared. Sensitive data (payments, IBAN, contact details) only via secure channels or ticket.
Cross-customer protection
If person A asks for data about person B, the request is blocked automatically and a ticket is created immediately.
Prompt injection protection
13 detection patterns against manipulation. Input length limit. All suspicious inputs are logged.
Test mode
In simulation mode no real tickets are created and no real messages sent — safe to experiment.
Admin isolation
Sensitive admin tools are restricted by channel and are invisible on public channels.
Audit trail
Every action is logged — who did what when, which data was accessed, which tools were used.
GDPR mode
Role-based access with privacy mode. Personal data only visible to authorized users.
4-level security architecture
Protection at every level — from input to system access.
Layer 1: Webhook level
Input length limit, injection pattern detection with logging, webhook signature validation for all incoming data sources.
Layer 2: Agent level
Channel-based tool registration, simulation guard in test mode, tool double-check before execution.
Layer 3: Data level
ZIP verification, cross-customer ownership check, security warning STOP rule, data classification.
Layer 4: System level
OAuth for dashboard access, role-based permissions (Admin/User/Custom), dedicated audit indices, privacy mode.
🇪🇺 GDPR by Design
Privacy is not an add-on, it is built into the architecture. Role-based access, privacy mode for personal data, complete audit trail and data classification — active by default.
Security you can trust
Let us go through your specific requirements.