Security | UseAI Support

Our Security Commitment

At UseAI Support, security is not an afterthought—it's foundational to everything we build. We understand that you trust us with sensitive business data, and we take that responsibility seriously. Our security program is designed to protect your data throughout its lifecycle.

Data Protection

Encryption

In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3 with strong cipher suites.
At Rest: All stored data is encrypted using AES-256 encryption with regularly rotated keys.
Key Management: Encryption keys are managed using industry-standard key management systems with strict access controls.
Database: Database connections are encrypted and access is restricted to application services only.

Data Isolation

Your data is logically isolated from other customers at the application and database level.
AI models process your data in isolation—your documents are never used to train shared models.
Call recordings and transcripts are stored separately with additional access controls.
Reddit intent signals and resolved identity data are stored securely and associated only with your organization.

Data Residency

Primary data processing occurs in the United States. For enterprise customers, we offer data residency options in the EU and other regions. Contact our sales team for details.

Infrastructure Security

Cloud Infrastructure

Hosted on enterprise-grade cloud infrastructure (AWS/GCP) with SOC 2 Type II certification.
Multi-region deployment with automatic failover for high availability.
Regular infrastructure security assessments and hardening.
Network segmentation and firewall rules to minimize attack surface.

Availability

99.9% uptime SLA for production services.
Automated backups with point-in-time recovery.
Disaster recovery procedures with regular testing.
Real-time monitoring and alerting for service health.

Application Security

Secure Development

Security-focused code reviews for all changes.
Automated security scanning in CI/CD pipelines.
Regular dependency updates and vulnerability patching.
OWASP Top 10 protection measures implemented.

Authentication & Authorization

Secure password hashing using bcrypt with appropriate work factors.
Multi-factor authentication (MFA) available for all accounts.
Session management with secure token handling.
Role-based access control (RBAC) for granular permissions.
SSO/SAML integration available for enterprise customers.

API Security

API authentication via secure tokens with expiration.
Rate limiting to prevent abuse.
Input validation and sanitization.
Comprehensive API audit logging.

Organizational Security

Personnel Security

Background checks for all employees with access to customer data.
Mandatory security awareness training.
Principle of least privilege for all system access.
Regular access reviews and prompt deprovisioning.

Vendor Management

Security assessment of all third-party vendors.
Data processing agreements with all sub-processors.
Regular review of vendor security posture.

Compliance & Certifications

SOC 2 Type II

UseAI Support maintains SOC 2 Type II certification, demonstrating our commitment to security, availability, and confidentiality. Our SOC 2 report is available to customers under NDA upon request.

GDPR

We are fully compliant with the General Data Protection Regulation (GDPR). We offer:

Data Processing Agreements (DPAs) for all customers
Standard Contractual Clauses for international data transfers
Tools for data subject access requests
Right to erasure (data deletion) capabilities

CCPA

We comply with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), providing California residents with required privacy rights and disclosures.

Email Compliance Support

Our AI email outreach features include built-in compliance tools to help you meet CAN-SPAM and other email marketing requirements, including:

Unsubscribe list management
Consent tracking and documentation
Required sender identification
Opt-out handling and processing

Third-Party Data Sources

When processing data from third-party sources like Google Maps and Reddit, we implement additional security measures:

Google Maps: Business data retrieved through official APIs with secure authentication.
Reddit: Only publicly available posts are monitored. We do not access private subreddits, direct messages, or non-public user information.
Identity Resolution: Cross-referencing with public business directories uses encrypted connections and rate limiting to prevent abuse.
Data Minimization: We only collect and retain third-party data necessary for the features you use.

Incident Response

Monitoring & Detection

24/7 automated monitoring for security events.
Intrusion detection and prevention systems.
Security Information and Event Management (SIEM).
Regular log analysis and anomaly detection.

Response Process

We maintain a documented incident response plan that includes:

Defined roles and responsibilities.
Escalation procedures.
Communication protocols.
Post-incident review and improvement.

Breach Notification

In the event of a security incident affecting your data, we will notify you within 72 hours as required by GDPR and other applicable regulations. Notification will include the nature of the incident, affected data, and remediation steps taken.

Security Testing

Penetration Testing: Annual third-party penetration tests by qualified security firms.
Vulnerability Scanning: Regular automated vulnerability scans of infrastructure and applications.
Bug Bounty: We welcome responsible security research. Report vulnerabilities to security@useaisupport.com.

Your Security Responsibilities

Security is a shared responsibility. We recommend:

Use strong, unique passwords for your account.
Enable multi-factor authentication (MFA).
Keep your team's access up to date and remove inactive users.
Review API key usage and rotate keys regularly.
Report any suspicious activity promptly.

Contact Us

For security inquiries, to request our SOC 2 report, or to report a security issue:

Security Team: security@useaisupport.com
For urgent security issues, include "URGENT" in the subject line.

Our Security Commitment

Data Protection

Encryption

In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3 with strong cipher suites.
At Rest: All stored data is encrypted using AES-256 encryption with regularly rotated keys.
Key Management: Encryption keys are managed using industry-standard key management systems with strict access controls.
Database: Database connections are encrypted and access is restricted to application services only.

Data Isolation

Your data is logically isolated from other customers at the application and database level.
AI models process your data in isolation—your documents are never used to train shared models.
Call recordings and transcripts are stored separately with additional access controls.
Reddit intent signals and resolved identity data are stored securely and associated only with your organization.

Data Residency

Primary data processing occurs in the United States. For enterprise customers, we offer data residency options in the EU and other regions. Contact our sales team for details.

Infrastructure Security

Cloud Infrastructure

Hosted on enterprise-grade cloud infrastructure (AWS/GCP) with SOC 2 Type II certification.
Multi-region deployment with automatic failover for high availability.
Regular infrastructure security assessments and hardening.
Network segmentation and firewall rules to minimize attack surface.

Availability

99.9% uptime SLA for production services.
Automated backups with point-in-time recovery.
Disaster recovery procedures with regular testing.
Real-time monitoring and alerting for service health.

Application Security

Secure Development

Security-focused code reviews for all changes.
Automated security scanning in CI/CD pipelines.
Regular dependency updates and vulnerability patching.
OWASP Top 10 protection measures implemented.

Authentication & Authorization

Secure password hashing using bcrypt with appropriate work factors.
Multi-factor authentication (MFA) available for all accounts.
Session management with secure token handling.
Role-based access control (RBAC) for granular permissions.
SSO/SAML integration available for enterprise customers.

API Security

API authentication via secure tokens with expiration.
Rate limiting to prevent abuse.
Input validation and sanitization.
Comprehensive API audit logging.

Organizational Security

Personnel Security

Background checks for all employees with access to customer data.
Mandatory security awareness training.
Principle of least privilege for all system access.
Regular access reviews and prompt deprovisioning.

Vendor Management

Security assessment of all third-party vendors.
Data processing agreements with all sub-processors.
Regular review of vendor security posture.

Compliance & Certifications

SOC 2 Type II

UseAI Support maintains SOC 2 Type II certification, demonstrating our commitment to security, availability, and confidentiality. Our SOC 2 report is available to customers under NDA upon request.

GDPR

We are fully compliant with the General Data Protection Regulation (GDPR). We offer:

Data Processing Agreements (DPAs) for all customers
Standard Contractual Clauses for international data transfers
Tools for data subject access requests
Right to erasure (data deletion) capabilities

CCPA

We comply with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), providing California residents with required privacy rights and disclosures.

Email Compliance Support

Our AI email outreach features include built-in compliance tools to help you meet CAN-SPAM and other email marketing requirements, including:

Unsubscribe list management
Consent tracking and documentation
Required sender identification
Opt-out handling and processing

Third-Party Data Sources

When processing data from third-party sources like Google Maps and Reddit, we implement additional security measures:

Google Maps: Business data retrieved through official APIs with secure authentication.
Reddit: Only publicly available posts are monitored. We do not access private subreddits, direct messages, or non-public user information.
Identity Resolution: Cross-referencing with public business directories uses encrypted connections and rate limiting to prevent abuse.
Data Minimization: We only collect and retain third-party data necessary for the features you use.

Incident Response

Monitoring & Detection

24/7 automated monitoring for security events.
Intrusion detection and prevention systems.
Security Information and Event Management (SIEM).
Regular log analysis and anomaly detection.

Response Process

We maintain a documented incident response plan that includes:

Defined roles and responsibilities.
Escalation procedures.
Communication protocols.
Post-incident review and improvement.

Breach Notification

Security Testing

Penetration Testing: Annual third-party penetration tests by qualified security firms.
Vulnerability Scanning: Regular automated vulnerability scans of infrastructure and applications.
Bug Bounty: We welcome responsible security research. Report vulnerabilities to security@useaisupport.com.

Your Security Responsibilities

Security is a shared responsibility. We recommend:

Use strong, unique passwords for your account.
Enable multi-factor authentication (MFA).
Keep your team's access up to date and remove inactive users.
Review API key usage and rotate keys regularly.
Report any suspicious activity promptly.

Contact Us

For security inquiries, to request our SOC 2 report, or to report a security issue:

Security Team: security@useaisupport.com
For urgent security issues, include "URGENT" in the subject line.

Security at UseAI Support

Encryption

Infrastructure

Access Control

Compliance

Team Security

Incident Response

Our Security Commitment

Data Protection

Encryption

Data Isolation

Data Residency

Infrastructure Security

Cloud Infrastructure

Availability

Application Security

Secure Development

Authentication & Authorization

API Security

Organizational Security

Personnel Security

Vendor Management

Compliance & Certifications

SOC 2 Type II

GDPR

CCPA

Email Compliance Support

Third-Party Data Sources

Incident Response

Monitoring & Detection

Response Process

Breach Notification

Security Testing

Your Security Responsibilities

Contact Us

Have Security Questions?

Security at UseAI Support

Encryption

Infrastructure

Access Control

Compliance

Team Security

Incident Response

Our Security Commitment

Data Protection

Encryption

Data Isolation

Data Residency

Infrastructure Security

Cloud Infrastructure

Availability

Application Security

Secure Development

Authentication & Authorization

API Security

Organizational Security

Personnel Security

Vendor Management

Compliance & Certifications

SOC 2 Type II

GDPR

CCPA

Email Compliance Support

Third-Party Data Sources

Incident Response

Monitoring & Detection

Response Process

Breach Notification

Security Testing

Your Security Responsibilities

Contact Us

Have Security Questions?