Security & Privacy
Built to be trusted with your life.
Your data stays yours. Encrypted by default, processed with consent, and never used to train AI models.
HOW WE THINK ABOUT SECURITY
Privacy-first. Always.
Four principles guide every architecture decision and every line of code.
Control
You decide what Superchat can access, and what it can’t. Granular permissions for every integration, revocable at any time.
Visibility
Every action Superchat takes is logged in a human-readable audit trail. Replay, review, or revoke any decision.
Protection
End-to-end encrypted in transit and at rest. Keys are scoped per device, and we never see your conversation content in plaintext.
Reliability
Superchat runs 24/7, and so does our monitoring. 99.95% uptime with multi-region failover and continuous health checks.
UNDER THE HOOD
How we keep your data safe.
that actually completes tasks for you, from booking flights and replying to messages to managing your calendar and payments.
TLS 1.3 in transit. AES-256 at rest. Per-device key derivation with rotation, so a leaked key can never unlock your history.
Enterprise-grade cloud infrastructure (AWS & UAE- region data centres) with hardened access controls, private VPCs, and least-privilege networking.
Approval-based permissions for every action. Superchat asks before booking, paying, or sending — and you can require step-up confirmation for sensitive moves.
Every commit signed, every dependency scanned. Mandatory code review, SAST/DAST in CI, and quarterly third-party penetration tests.
Always on
Monitoring, testing,
and response. Before you ask.
Monitoring & detection
Real-time system & anomaly monitoring across infrastructure, APIs, and user behaviour. SIEM integration with on-call engineers 24/7.
Proactive testing
Quarterly external penetration tests, weekly vulnerability scans, and a public bug-bounty program with paid disclosure tiers.
Incident response
Defined runbooks, blameless post-mortems, and customer communication within 24 hours of any confirmed material incident.
DATA GOVERNANCE & PRIVACY
Your data stays yours.
We don't sell your data. We don't train models on it. And you can take it with you — or delete it — at any time.
The simplest privacy promise is the one we don't break.
Sell your data — ever, to anyone
Train AI models on your personal content
Share data with advertisers or brokers
Read your conversations as engineers
Privacy is a setting, not a promise. Every control is in your hands.
Delete your data instantly, end-to-end
Export your full history at any time
Revoke any integration in one tap
Choose data residency (UAE, EU, US)
GET IN TOUCH
Questions? Talk to our security team.
Security architecture reviews, penetration test results, vendor due-diligence packs — happy to share with qualified teams.
Contact security
Reach our security team directly for architecture details, sub-processor lists, or to report a vulnerability through our responsible disclosure program.
Trust Center
SOC 2 Type II reports, ISO certificates, sub-processor list, DPA & SCC templates, and an always-up-to-date status page — all in one place.
Loved by 200,000+ people
