Security, Privacy, and Compliance
ChatbotIQ is built and hosted in Europe with privacy, security, and compliance as core design principles. This page explains how your data is handled and protected.
European platform
ChatbotIQ is a European product, hosted on European infrastructure. Your data stays in Europe.
- Hosting: Servers located in the EU (Germany).
- Data residency: Knowledge base content, conversations, and user data are stored in European data centers.
- Compliance: Designed for GDPR compliance from the ground up.
How your data is used
Knowledge base content
Your crawled pages, PDFs, and Q&A entries are indexed and stored so your bot can search them. This content is:
- Only accessible within your workspace.
- Isolated per workspace (multi-tenant with strict namespace separation).
- Deletable at any time — when you remove a source, all indexed content is permanently deleted.
Conversations
Chat messages between users and your bot are stored for:
- Conversation history (so users can continue where they left off).
- Analytics and knowledge gap detection.
- Your review in the Conversations page.
AI model processing
When your bot answers a question, the relevant content chunks and the user’s message are sent to the AI provider for response generation. ChatbotIQ uses paid API tiers for all providers, which means your data is not used to train their models. No opt-out action is required.
| Provider | Trains on API data? | Opt-out needed? | Data retention |
|---|---|---|---|
| OpenAI | No (default since Mar 2023) | No | 30 days (abuse monitoring) |
| Anthropic | No | No | 30 days (safety monitoring) |
| Google Gemini (paid API) | No | No | Per Google Cloud terms |
| Mistral | No (per API terms) | No | Short-term (abuse monitoring) |
OpenAI embeddings (used for knowledge base indexing) are covered by the same policy — document content sent for embedding is not used for training.
This is favorable for GDPR compliance — none of the paid API tiers retain customer data for training. All providers have relatively short retention windows (typically 30 days) for abuse and safety monitoring only.
Compliance & certifications
SOC 2 alignment
ChatbotIQ is built with SOC 2 security principles. Key controls include:
- Audit logging — all security-relevant actions (authentication, data changes, admin operations, GDPR events) are logged with user, timestamp, IP address, and context.
- Encryption at rest — sensitive fields (API keys, credentials) are encrypted with AES (symmetric encryption). Backups are encrypted with AES-256.
- Encryption in transit — all traffic uses TLS 1.2+ with modern cipher suites. HTTP is redirected to HTTPS.
- Vulnerability management — automated dependency scanning, container image scanning in CI/CD, and reproducible builds via lock files.
- Backup & recovery — automated daily backups with SHA-256 integrity verification and off-site encrypted storage.
- Change management — CI pipeline enforces linting, testing, build checks, and security scanning on all code changes before deployment.
- Workspace isolation — strict multi-tenant separation at application, database, and vector store levels.
SOC 2 Type II certification is currently in progress.
GDPR compliance
ChatbotIQ is designed for GDPR compliance from the ground up.
- Consent overlay — the widget can show a consent screen before any data is collected. Users must accept your privacy terms before chatting. All consent actions are recorded in an append-only audit log.
- Data export — workspace owners can request a full export of all workspace data from Settings → Privacy.
- Data deletion — users can request account deletion from Settings → Danger zone. This anonymizes the user’s data while preserving billing and audit integrity, with a 7-day grace period before processing. Individual conversations can be deleted from the Conversations page. Full workspace deletion (removing all bots, sources, conversations, and members) is performed by ChatbotIQ support on request.
- Data residency — all data is stored in European data centers (Germany). See European platform above.
- AI provider policies — all providers are used on paid API tiers where your data is not used for model training. See AI model processing above.
PII redaction
When enabled on a bot, ChatbotIQ automatically detects and masks personally identifiable information in chat messages — email addresses, phone numbers, credit card numbers, and more. See Enable PII Redaction.
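Redaction of the kinds named above, as an added illustration rather than ChatbotIQ's own detector: regex matching for emails, phone numbers and card numbers, with a Luhn check so that order numbers of card length are left alone. The pattern names, placeholder tokens and sample messages are this example's own assumptions.

```python
import re

# Patterns for the PII classes the page lists; constructed for this example,
# not ChatbotIQ's detector. Cards and phones are digit groups separated by
# spaces, dots or dashes.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# The look-arounds stop a phone match from starting or ending inside a longer
# digit sequence, so a 16-digit number is never half-masked as a phone.
PHONE_RE = re.compile(
    r"(?<!\d)(?<!\d[ .-])(?:\+?\d{1,3}[ .-]?)?\(?\d{2,4}\)?[ .-]?\d{3,4}[ .-]?\d{3,4}(?![ .-]?\d)"
)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; separates real card numbers from order ids of similar length."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _mask_card(m: re.Match) -> str:
    digits = re.sub(r"\D", "", m.group(0))
    if not luhn_ok(digits):
        return m.group(0)       # fails Luhn: keep the original text
    return "[CARD ****" + digits[-4:] + "]"  # keep last four for support lookups


def redact(text: str) -> str:
    """Mask PII before a message is stored or forwarded to the AI provider."""
    text = CARD_RE.sub(_mask_card, text)   # cards first: the longest digit runs
    text = EMAIL_RE.sub("[EMAIL]", text)
    return PHONE_RE.sub("[PHONE]", text)
```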
Privacy controls
- IP address control — by default, visitor IP addresses are not recorded. You can enable IP recording per bot if needed for analytics.
- Allowed domains — restrict which websites can embed your bot, preventing unauthorized use and limiting data exposure.
Access control
Workspace isolation
Every resource in ChatbotIQ is scoped to a workspace. There is no cross-workspace data access.
Role-based access
Four roles exist — Owner, Admin, Member, and Viewer — but enforcement effectively distinguishes two tiers: Owner/Admin have full management access (bots, sources, settings, and team), while Member/Viewer have read/use access only. The Owner additionally controls billing and is the only role that can manage Admins. See Team Roles and Permissions for the full matrix.
Authentication
- Google OAuth for convenient sign-in.
- Email OTP for passwordless login.
- Session tokens with revocation support.
API security
- API keys and credentials are securely stored using industry-standard practices.
- Bot-specific rate limiting prevents abuse.
Infrastructure security
- SSRF protection — prevents the crawler and image proxy from accessing internal network resources.
- Input filtering — user messages are screened for prompt injection attempts.
- Output filtering — bot responses are checked for ungrounded content, PII, and other policy violations.
- Rate limiting — per-bot, per-IP rate limits protect against abuse.
- Audit logging — security-relevant actions are logged for compliance and incident response.
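The SSRF protection item above, as an added example that is not ChatbotIQ's own code: a pre-fetch check for a crawler or image proxy that resolves the hostname, rejects private, loopback, link-local and CGNAT answers (including IPv4-mapped IPv6 literals), and returns a pinned address so the connection cannot be rebound between check and fetch. The function names and the sample DNS table are assumptions constructed for this example.

```python
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}

def is_internal(ip: str) -> bool:
    """True for any address the crawler or image proxy must never fetch from."""
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped  # ::ffff:10.0.0.1 is 10.0.0.1 in disguise
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_reserved or addr.is_multicast or addr.is_unspecified
            or addr in ipaddress.ip_network("100.64.0.0/10"))  # CGNAT, not flagged by is_private

def check_fetch_target(url: str, resolver=socket.getaddrinfo):
    """Return (allowed, reason, pinned_ip) for an outbound fetch.
    The caller must connect to pinned_ip (keeping the hostname for Host/SNI)
    rather than resolve again, or a DNS-rebinding attacker can answer with a
    public address here and an internal one at connect time."""
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed", None
    host = parts.hostname
    if not host or parts.username or parts.password:
        return False, "missing host or credentials in URL", None
    try:
        ips = {str(ipaddress.ip_address(host))}  # literal address: no DNS lookup
    except ValueError:
        try:
            infos = resolver(host, parts.port or (443 if parts.scheme == "https" else 80))
        except socket.gaierror:
            return False, "dns failure", None
        ips = {info[4][0] for info in infos}
    if any(is_internal(ip) for ip in ips):
        return False, "resolves to internal address", None  # one internal answer rejects the name
    return True, "ok", min(ips)

# Constructed DNS table so the example runs offline; not real hosts. Public
# addresses avoid the RFC 5737 documentation ranges, which is_private flags.
SAMPLE_DNS = {"public.example": ["93.184.216.34"],
              "rebind.example": ["93.184.216.35", "10.0.0.5"]}

def sample_resolver(host, port):
    """Stand-in for socket.getaddrinfo returning the same tuple shape."""
    if host not in SAMPLE_DNS:
        raise socket.gaierror(-2, "Name or service not known")
    return [(None, None, None, "", (ip, port)) for ip in SAMPLE_DNS[host]]
```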
Related
- Enable PII Redaction — set up automatic PII masking
- Configure Workspace Settings — GDPR data export and deletion
- Team Roles and Permissions — access control details