Proto's commitment to data security
We treat your data like we treat our own, with the highest-grade security and privacy protections for personally identifiable information.
Built-in data privacy and security


Best practices, secured
Partners in privacy
Vanta facilitates the security standard compliance process, ensuring Proto's performance of recurring security processes.
Security Journey provides recurring training and education tools for Proto's team members.
Proto uses the CertN risk management and hiring platform as an integrated app for personnel background checks.
Sentry Assurance is our licensed security standard auditing firm, used to review and certify Proto's data privacy and security certifications.
Security FAQ
Can clients request data deletion or export their data?
Yes, your data will be automatically deleted after 30 days if you request account deletion. You can export your data directly from your Proto account or request support from our team.
Does Proto routinely carry out penetration testing?
Yes, as a requirement of SOC2 and ISO:27001 standards, Proto conducts penetration testing twice a year. Furthermore, regular internal security assessments are performed, and any identified vulnerabilities are promptly addressed.
Does Proto subject itself to external security evaluations and hold any significant security certifications?
Yes, Proto holds the SOC2 and ISO:27001 certifications, conducts penetration testing biannually, and works with security organisations such as Vanta and Sentry Assurance, maintaining a high level of security for client data.
How is user data stored, and what are Proto's policies regarding data retention?
User data is stored on our cloud servers, which are hosted by AWS. We keep client data for the duration of your platform subscription, and it is removed 30 days after the subscription ends, allowing you the chance to export any necessary data from the platform. If requested, your data can be deleted before this period.
How does Proto handle sensitive data and confidentiality?
Proto prioritises data security and confidentiality by implementing robust encryption protocols, access controls, and biannual penetration testing. Additionally, sensitive data is anonymised or pseudonymised whenever possible to minimise risks. Access to confidential information is strictly limited to authorised personnel, and all interactions with the platform are logged and monitored to detect and prevent any unauthorised access or data breaches.
How does the AI assistant secure its interactions with external systems through APIs, ensuring authentication and data validation?
The AI assistants secure API interactions with encryption protocols like HTTPS to protect data integrity and confidentiality in transit. For authentication, Proto uses API keys and OAuth tokens to guarantee that only authorised users access these APIs. To maintain data integrity, Proto enforces strict input validation and sanitisation practices on end-user inputs prior to processing. Proto also applies rate limiting and throttling to prevent misuse and promote equitable resource use. Through regular security evaluations and vulnerability scanning, Proto proactively identifies and mitigates potential security threats. Adhering to OWASP recommendations and industry norms for API security, along with continuous activity monitoring and logging, Proto swiftly addresses any abnormal actions. This approach underscores Proto's dedication to ensuring a secure, trustworthy exchange with external systems, protecting user data's privacy and integrity.
How is information securely exchanged between the assistant system and external systems? What are the security protocols utilized?
The information is secured both when stored and during transmission. The security protocols employed include TLS and SSL.
What measures are implemented to control access to confidential information and features according to user roles?
The Proto AICX Platform offers two primary levels of user roles: Company and Team. Each level is customisable across a comprehensive set of approximately 50 permissions. This granularity allows for precise control over user access and features, enabling organisations to tailor the security of the platform to meet their specific needs.
What are the capabilities for tracking and logging within the Proto system?
Proto's system is equipped with extensive logging and tracking capabilities to monitor user activities. This includes keeping a detailed record of modifications in platform settings, assistant configurations, ticketing, and live chat details, providing a clear audit trail of all changes.
What is Proto's approach to security incidents? How are these incidents managed and reported?
Proto prioritises rapid response to critical incidents. Information about any possible disruptions and downtime is relayed through Proto's status page at https://status.proto.cx/.
What measures does Proto have for business continuity and disaster recovery?
Proto incorporates comprehensive business continuity and disaster recovery protocols to guarantee service availability at all times. This includes routine backups of vital data and system configurations, alongside redundant components to reduce the risk of singular failure points. Moreover, the infrastructure supporting Proto's service is strategically distributed across multiple geographic data centers, ensuring the availability of failover options during unforeseen incidents. Proto also regularly undertakes tests and simulations to affirm the effectiveness of its disaster recovery plans, aiming for swift and efficient restoration of services in the event of any disruptions.
What measures does Proto take to educate its employees about security threats and enforce best practices?
Proto uses Security Journey to offer ongoing security training to its employees and comply with SOC2 standards. This method guarantees that employees are consistently informed about potential security challenges and follow established guidelines for best practices in security.
What methods are utilised for verifying user identities, and is there two-factor authentication?
The system uses email and password-based authentication, as well as Single Sign-On (SSO) options through Google and Microsoft, and it includes support for multi-factor authentication.
What processes does Proto employ to discover, evaluate, and mitigate security risks?
Proto consistently conducts reviews mandated by SOC2 and ISO:27001 standards, such as biannual penetration tests, quarterly vulnerability scans, and security assessments, to identify and evaluate security risks. Additionally, internal security tests are carried out, and proactive steps are taken to strengthen the security of our solutions.
What steps does Proto take to ensure adherence to data privacy laws, and how is user data safeguarded?
Proto adheres to data privacy laws such as GDPR and corresponding regional privacy regulations by utilizing the AWS platform, which maintains the highest security benchmarks, as our data processing foundation. For safeguarding user privacy, the data resides behind robust firewalls on secured servers. Additionally, clients have the option to implement IP whitelisting, Single Sign-On (SSO), and multi-factor authentication to enhance security.
Where is Proto and client data hosted?
The Proto AICX Platform and client data are hosted on Amazon Web Services (AWS) in Singapore and Europe. Additionally, for clients requiring specific data management, the Enterprise Max Add-On allows the hosting of data (chats, audience information, tickets, etc.) in their own databases (on-premise hosting).