Security & Privacy

Built to be trusted with your life.

Your data stays yours. Encrypted by default, processed with consent, and never used to train AI models.

SOC

SOC

SOC 2 Type II

SOC 2 Type II

SOC 2 Type II

GDPR

GDPR

GDPR compliant

GDPR compliant

GDPR compliant

ISO

ISO

ISO 27001

ISO 27001

ISO 27001

UAE

UAE

UAE Data Law

UAE Data Law

UAE Data Law

E2E

E2E

End-to-end encrypted

End-to-end encrypted

End-to-end encrypted

HOW WE THINK ABOUT SECURITY

Privacy-first. Always.

Four principles guide every architecture decision and every line of code.

Control

You decide what Superchat can access, and what it can’t. Granular permissions for every integration, revocable at any time.

Visibility

Every action Superchat takes is logged in a human-readable audit trail. Replay, review, or revoke any decision.

Protection

End-to-end encrypted in transit and at rest. Keys are scoped per device, and we never see your conversation content in plaintext.

Reliability

Superchat runs 24/7, and so does our monitoring. 99.95% uptime with multi-region failover and continuous health checks.

UNDER THE HOOD

How we keep your data safe.

that actually completes tasks for you, from booking flights and replying to messages to managing your calendar and payments.

Encryption

Encryption

Encryption

TLS 1.3 in transit. AES-256 at rest. Per-device key derivation with rotation, so a leaked key can never unlock your history.

Infrastructure

Infrastructure

Infrastructure

Enterprise-grade cloud infrastructure (AWS & UAE- region data centres) with hardened access controls, private VPCs, and least-privilege networking.

Access control

Access control

Access control

Approval-based permissions for every action. Superchat asks before booking, paying, or sending — and you can require step-up confirmation for sensitive moves.

Secure development

Secure development

Secure development

Every commit signed, every dependency scanned. Mandatory code review, SAST/DAST in CI, and quarterly third-party penetration tests.

Always on

Monitoring, testing,
and response. Before you ask.

Monitoring & detection

Real-time system & anomaly monitoring across infrastructure, APIs, and user behaviour. SIEM integration with on-call engineers 24/7.

Active monitors

Active monitors

1,200+

1,200+

Proactive testing

Quarterly external penetration tests, weekly vulnerability scans, and a public bug-bounty program with paid disclosure tiers.

Last pen test

Last pen test

Q1 2026

Q1 2026

Incident response

Defined runbooks, blameless post-mortems, and customer communication within 24 hours of any confirmed material incident.

Median MTTR

Median MTTR

< 30 min

< 30 min

DATA GOVERNANCE & PRIVACY

Your data stays yours.

We don't sell your data. We don't train models on it. And you can take it with you — or delete it — at any time.

What we never do

What we never do

What we never do

The simplest privacy promise is the one we don't break.

Sell your data — ever, to anyone

Train AI models on your personal content

Share data with advertisers or brokers

Read your conversations as engineers

What you fully control

What you fully control

What you fully control

Privacy is a setting, not a promise. Every control is in your hands.

Delete your data instantly, end-to-end

Export your full history at any time

Revoke any integration in one tap

Choose data residency (UAE, EU, US)

GET IN TOUCH

Questions? Talk to our security team.

Security architecture reviews, penetration test results, vendor due-diligence packs — happy to share with qualified teams.

Contact security

Reach our security team directly for architecture details, sub-processor lists, or to report a vulnerability through our responsible disclosure program.

Trust Center

SOC 2 Type II reports, ISO certificates, sub-processor list, DPA & SCC templates, and an always-up-to-date status page — all in one place.

Loved by 200,000+ people

Trusted by 3,000+ professionals across Dubai, London & New York.

actually completes tasks for you, from booking flights and replying to messages to managing your calendar and payments.