Security, privacy, and governance before your team asks for them
Use InsertChat without sending data into a black box. European hosting, zero data training, encryption at rest and in transit, and the controls security teams expect before rollout.
7-day free trial · No charge during trial
Enterprise security features
The controls most teams need before they can approve AI for internal or customer-facing use.
Enterprise-grade security
Built around five trust principles: security, availability, processing integrity, confidentiality, and privacy, with ongoing monitoring and regular security assessments.
AES-256 encryption
All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3 protocols.
Zero data training
Your data is never used to train AI models. We maintain strict data isolation and privacy controls.
Bring your own key
Enterprise customers can manage their own encryption keys for ultimate control over data access.
Role-based access control
Granular permissions ensure users only access data and features necessary for their role.
24/7 monitoring
Continuous security monitoring with real-time threat detection and automated incident response.
Data protection principles
How data is handled from ingestion to deletion, without handing governance to another vendor.
Data minimization
We collect only the data necessary to provide our services and delete it when no longer needed. Systems are designed to minimize exposure and limit access to what is required.
Data residency
Customer data is stored in secure data centers within your chosen region. Data localization options support sovereignty and regulatory requirements.
Data retention
We retain customer data only as long as required to provide services or satisfy legal obligations, then securely delete it.
Data subject rights
We support access, rectification, erasure, portability, and restriction requests with systems designed for fast response.
Infrastructure security
Protection across hosting, application access, monitoring, and response.
Cloud security
- European infrastructure with DDoS protection
- Multi-region deployment for high availability
- Automated security patching and updates
- Isolated network environments
Application security
- Secure coding practices and code reviews
- Regular penetration testing
- Vulnerability scanning and management
- Web application firewall (WAF)
Access controls
- Multi-factor authentication (MFA) required
- Secure authentication workflows
- Principle of least privilege
- Complete audit logs
Monitoring and response
- 24/7 security monitoring
- Real-time threat detection
- Automated incident response
- Comprehensive logging and alerting
Our security team
The operational practices that support the security posture, not just the infrastructure.
Background checks
All team members undergo comprehensive background checks to uphold strict security standards and trust requirements.
Security training
Regular security awareness training keeps every employee aligned with current best practices.
Incident response
A dedicated security team with 24/7 incident response capability is in place to address and resolve security concerns quickly.
Compliance and certifications
Standards and review signals teams ask for during procurement and security review.
Certified
Compliant
Certified
Ready
Compliant
Level 1 ready
Frequently asked questions
Tap any question to see how InsertChat would respond.
InsertChat
Product FAQ
Hey! 👋 Browsing Security questions. Tap any to get instant answers.
Where is my data stored?
European servers. GDPR compliant, never used for training, and deletable at any time.
What is InsertChat, from a privacy standpoint?
An AI agent workspace that connects to your approved sources and uses model providers to generate responses. Privacy depends on what you ingest, what tools you enable, and who can access the agent.
What gets sent to AI model providers?
Your prompt and relevant context excerpts from connected sources are sent to the selected model provider to generate an answer.
Do you use our data to train models?
No. InsertChat never uses your data to train models.
Is my data isolated from other customers?
Yes. Data is scoped to your workspace and agents. Sources and conversations remain isolated.
Can I delete data?
Yes. Delete sources, conversation history, leads, and feedback at any time.
What data does InsertChat store?
Agent configuration, connected knowledge sources, and conversation data needed for the experience and analytics.
Can I keep an agent private?
Yes. Choose public or private agents depending on whether anyone or only authenticated users can access the embed.
Do you have role-based access controls?
Yes. Control who can manage agents and data with role-based access.
What is BYOK from a privacy standpoint?
You provide your own API key for model access. Prompts and context are still sent to the provider, so review their policies for your compliance needs.
Can I restrict what the agent can do?
Yes. Control tool enablement per agent to limit actions to only what is necessary.
Can we limit exposure of sensitive data in the agent?
Yes. Scope sources to what should be answerable and limit tool enablement to only what is required.
Can I export or audit what users asked?
Yes. Analytics show what people ask. Contact us for exports for audits or internal reporting.
Do you support GDPR?
Yes. Full GDPR compliance with Data Processing Addendum (DPA) available on request.
Can you provide a DPA?
Yes. Our DPA covers processing obligations, subprocessors, and deletion/return terms. Contact us to request it.
Do you list subprocessors?
Yes. Subprocessors are documented in the DPA. Request it or contact us for details.
How do you handle security questionnaires?
Contact us and we provide the right documentation for your team's review process.
Is InsertChat safe to embed on a public website?
Yes, when configured correctly. Ground answers in approved sources and keep tool access controlled.
What if we need a private deployment or special requirements?
Enterprise plans cover custom deployment, advanced controls, and procurement constraints. Contact us to discuss.
How do privacy requests work (access, deletion)?
Submit privacy requests through the contact page. We route them to the right process.
Where can I request security documentation?
Submit security inquiries through the contact page.
Do you support self-hosting?
Yes. Enterprise plans include self-hosting and bring-your-own-LLM options.
How do I evaluate InsertChat?
Start a free trial with non-sensitive data. When ready, request our security questionnaire and DPA.
Security FAQ
Where is my data stored?
European servers. GDPR compliant, never used for training, and deletable at any time.
What is InsertChat, from a privacy standpoint?
An AI agent workspace that connects to your approved sources and uses model providers to generate responses. Privacy depends on what you ingest, what tools you enable, and who can access the agent.
What gets sent to AI model providers?
Your prompt and relevant context excerpts from connected sources are sent to the selected model provider to generate an answer.
Do you use our data to train models?
No. InsertChat never uses your data to train models.
Is my data isolated from other customers?
Yes. Data is scoped to your workspace and agents. Sources and conversations remain isolated.
Can I delete data?
Yes. Delete sources, conversation history, leads, and feedback at any time.
What data does InsertChat store?
Agent configuration, connected knowledge sources, and conversation data needed for the experience and analytics.
Can I keep an agent private?
Yes. Choose public or private agents depending on whether anyone or only authenticated users can access the embed.
Do you have role-based access controls?
Yes. Control who can manage agents and data with role-based access.
What is BYOK from a privacy standpoint?
You provide your own API key for model access. Prompts and context are still sent to the provider, so review their policies for your compliance needs.
Can I restrict what the agent can do?
Yes. Control tool enablement per agent to limit actions to only what is necessary.
Can we limit exposure of sensitive data in the agent?
Yes. Scope sources to what should be answerable and limit tool enablement to only what is required.
Can I export or audit what users asked?
Yes. Analytics show what people ask. Contact us for exports for audits or internal reporting.
Do you support GDPR?
Yes. Full GDPR compliance with Data Processing Addendum (DPA) available on request.
Can you provide a DPA?
Yes. Our DPA covers processing obligations, subprocessors, and deletion/return terms. Contact us to request it.
Do you list subprocessors?
Yes. Subprocessors are documented in the DPA. Request it or contact us for details.
How do you handle security questionnaires?
Contact us and we provide the right documentation for your team's review process.
Is InsertChat safe to embed on a public website?
Yes, when configured correctly. Ground answers in approved sources and keep tool access controlled.
What if we need a private deployment or special requirements?
Enterprise plans cover custom deployment, advanced controls, and procurement constraints. Contact us to discuss.
How do privacy requests work (access, deletion)?
Submit privacy requests through the contact page. We route them to the right process.
Where can I request security documentation?
Submit security inquiries through the contact page.
Do you support self-hosting?
Yes. Enterprise plans include self-hosting and bring-your-own-LLM options.
How do I evaluate InsertChat?
Start a free trial with non-sensitive data. When ready, request our security questionnaire and DPA.
Need your security team involved?
We can support security reviews, questionnaires, DPAs, and rollout planning before you commit to deployment.
7-day free trial · No charge during trial