Infrastructure
Security
Enterprise-grade protection by default.
Data Protection & Encryption
Security is foundational to our architecture. All data transmitted between our clients (including the dashboard and embedded chat widgets) and our servers is encrypted in transit using industry-standard TLS 1.3.
At rest, all customer data, chat logs, and configuration details are encrypted using AES-256 block-level encryption. We leverage managed Key Management Services (KMS) to handle cryptographic keys, ensuring separation of duties and rigorous access controls.
Access Control & Identity Management
Internal access to production infrastructure is strictly limited to authorized engineering personnel based on the principle of least privilege. Access requires multi-factor authentication (MFA), strong passwords, and connections via secure VPNs.
For our customers, the BolChat dashboard supports role-based access control (RBAC), allowing you to restrict permissions within your organization. We mandate password complexity requirements and support two-factor authentication (2FA) for all administrative accounts.
Compliance & Privacy Standards
We design our systems to comply with leading global privacy regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We offer data processing agreements (DPAs) for customers operating in regulated regions.
Our infrastructure providers maintain a comprehensive array of compliance certifications, including SOC 2 Type II, ISO 27001, and PCI-DSS, ensuring the underlying physical and network security of our platform.
Continuous Monitoring & Incident Response
Our systems are continuously monitored for suspicious activity, performance anomalies, and potential security threats. We employ automated logging and alerting mechanisms that notify our security operations team in real time.
In the event of a security incident, our incident response plan is immediately activated. This plan includes defined procedures for containment, eradication, recovery, and communication with affected customers within legally mandated timeframes.
For responsible disclosure or security inquiries, contact support@bolchat.tech.
