OyeChats
FeaturesSolutionsIntegrationsPricingDocsBlogContact us

Security, documented.

No vague assurances. Here is exactly how we protect your data and your customers' data, the encryption, access controls, and infrastructure behind every conversation.

What's in place today

These controls are live in production. OyeChats does not yet hold formal third-party certifications such as SOC 2 or ISO 27001; our data processing is aligned with the GDPR, and we're happy to walk enterprise teams through our practices in detail.

GDPR

Aligned

HTTPS / TLS

Enforced everywhere

Encryption at rest

AES-256, managed cloud

Signed webhooks

HMAC-SHA256

Encryption

  • TLS for all data in transit (HTTPS / WSS)
  • Data encrypted at rest by our managed cloud storage (AES-256)
  • Webhook payloads signed with HMAC-SHA256
  • Passwords hashed with bcrypt, never stored in plain text

Infrastructure

  • Hosted on managed cloud infrastructure
  • Automated backups managed by our cloud provider
  • Rate limiting on API endpoints
  • Error and uptime monitoring via Sentry

Access Control

  • Role-based access control for operators and admins
  • Password and Google OAuth sign-in
  • Signed session tokens with expiry
  • API keys scoped to the minimum required permissions

Data and Privacy

  • GDPR-aligned data processing
  • Email addresses redacted in application logs
  • Right to erasure, delete visitor data on request
  • Prompt-injection guards on every AI message

Infrastructure at a glance

Managed Postgres

Primary application datastore

Background job queue

Async tasks via ARQ + Redis

Error monitoring

Incident alerting via Sentry

AI observability

Trace logging via Langfuse (Enterprise)

Cloud object storage

Documents and media via Cloudflare R2

Transactional email

Notifications and summaries via Brevo

Found a vulnerability? We have a responsible disclosure program.

support@oyechats.com