Security

Protecting your data is fundamental to everything we build. Learn about the security practices, infrastructure, and policies that keep your customer conversations safe.

Last updated: March 2026

Our Security Commitment

Security is built into every layer of our platform. We are committed to protecting your data through encryption, access controls, and continuous monitoring.

Data Encryption

We use encryption to protect your data in transit and to safeguard sensitive credentials at rest.

  • In transit: TLS 1.3 encryption for all communications between your browser, the chat widget, and our servers.
  • Sensitive credentials: API keys, authentication tokens, and integration secrets are encrypted at rest using AES-256-CBC.
  • Database: Encrypted database connections with certificate verification.

Infrastructure

Our infrastructure is designed for reliability and security.

  • Cloud-hosted: Deployed on enterprise-grade cloud infrastructure.
  • Backups: Automated daily backups with point-in-time recovery.
  • Network security: Firewalls, DDoS protection, and network segmentation.

Access Controls

Strict access controls ensure that only authorized personnel can access systems and data.

  • Role-based access: Granular role-based access control (RBAC) for both your team and our internal staff.
  • Two-factor authentication: 2FA support for all accounts to add an extra layer of protection.
  • Audit logs: Comprehensive audit logging of all access events and administrative actions.
  • Least privilege: Internal access follows the principle of least privilege with regular access reviews.

Compliance

We adhere to international standards and regulations to protect your data.

  • GDPR compliant: Compliance with the General Data Protection Regulation for EU data subjects.
  • Data Processing Agreements: DPAs available for customers who require them.
  • Privacy by design: Privacy considerations are embedded into our development lifecycle.

Vulnerability Management

We proactively identify and address security vulnerabilities.

  • Dependency scanning: Automated scanning of software dependencies for known vulnerabilities.
  • Responsible disclosure: Report vulnerabilities to security@chateta.com.
  • Patch management: Critical vulnerabilities are patched promptly.

Data Handling

Your data is handled with care throughout its lifecycle.

  • Data isolation: Each customer's data is logically isolated to prevent cross-account access.
  • Secure deletion: Deleted data is permanently removed from our systems.
  • Data export: Export your data at any time.

Incident Response

We maintain an incident response plan to handle security events promptly:

  • Detection: Automated monitoring and alerting for anomalies and potential threats.
  • Response: Documented protocols to contain, investigate, and remediate incidents.
  • Notification: Affected customers are notified within 72 hours of a confirmed data breach, in compliance with GDPR.

Contact Our Security Team

If you have security concerns, want to report a vulnerability, or need more details about our security practices, please reach out to our dedicated security team:

We take all security reports seriously and will respond to verified reports within one business day.

Ready to Transform Your Customer Support?

Start resolving tickets faster, reduce your team's workload, and keep customers happier. All from one inbox.

Get Started Free Book a Demo

Free plan available. No credit card required.