Your data, protected
Enterprise-grade security built into every layer of the platform. From encryption and access controls to infrastructure hardening and privacy compliance - your conversation data is protected by design.
Senseloom is compliant with the GDPR and supports our customers by maintaining strict privacy-by-design principles as a Data Processor. Your data is processed only for the purposes you define.
We maintain formal data processing agreements with all cloud infrastructure and AI providers that handle your data. Every third party in the processing chain is contractually bound to the same privacy standards.
Calls can be permanently deleted with complete cleanup across the database, search index, and file storage. Configurable auto-deletion periods allow you to set retention policies that match your compliance requirements. Expired data is automatically purged across all storage layers.
Backups are stored across geographically distributed cloud providers, ensuring your data survives provider-level incidents.
The platform is designed with no vendor lock-in. AI providers, transcription services, and storage backends are all swappable. No proprietary format locks your data in - everything is exportable via the API.
All connections use TLS 1.2+ with HSTS preload and forward secrecy, preventing eavesdropping and man-in-the-middle attacks. TLS certificates are provisioned and renewed automatically with wildcard coverage - no manual intervention, no expiration risks.
All database traffic is encrypted with SSL. Credentials use strong hashing algorithms and are never stored or transmitted in plaintext.
Authentication tokens use JWT with asymmetric signing. Private keys never leave the authentication server.
Email from our domain is authenticated with DMARC, SPF, and DKIM to prevent spoofing and phishing attempts. Our domain is protected with DNSSEC, cryptographically signing DNS responses to prevent DNS spoofing and cache poisoning.
The platform enforces role-based access control with field-level enforcement. Users only see and do what their role allows.
Enterprise authentication is supported through OpenID Connect, Active Directory, and LDAP. Your team authenticates through your existing identity provider without managing separate credentials.
API keys are cryptographically hashed and never stored in plaintext. The platform supports full key lifecycle management including rotation, expiration dates, revocation, read-only mode, and role scoping.
Every call stage transition, user action, and API key usage is logged with the user, timestamp, and previous state - providing a complete audit trail for compliance reviews.
Senseloom supports cloud or on-premises deployment. Deploy in our managed cloud, your private cloud, or your own data center. The entire platform runs as containers in your controlled environment.
The platform enforces CSRF protection on all state-changing operations and sets Content Security Policy headers to restrict which scripts, styles, and resources can load in the browser, mitigating cross-site scripting and injection attacks.
Uploaded files are validated by MIME type, magic bytes, and file extension. Path traversal and zip bomb attacks are blocked with strict size and count limits. API schema introspection is disabled in production, preventing attackers from mapping the full API surface automatically.
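The upload checks above, as an added example that is not Senseloom's code: a Python validator that requires the file extension, the magic bytes and the client-declared MIME type to agree, rejects names that would escape the upload directory, and bounds zip entry count, total uncompressed size and expansion ratio from the central directory before anything is extracted. The allowlist, the limits and the `make_zip` helper are constructed for illustration.

```python
import io
import posixpath
import zipfile

ALLOWED = {  # extension -> (magic prefix, declared MIME); allowlist constructed for this example
    "png": (b"\x89PNG\r\n\x1a\n", "image/png"),
    "pdf": (b"%PDF-", "application/pdf"),
    "zip": (b"PK\x03\x04", "application/zip"),
}
# Zip limits (constructed): entry count, summed uncompressed bytes, compressed->uncompressed ratio
MAX_ZIP_ENTRIES, MAX_ZIP_TOTAL, MAX_ZIP_RATIO = 100, 10 * 1024 * 1024, 100

def validate_upload(filename, declared_mime, data):
    # Returns (accepted, reason). declared_mime comes from the client, so it is only a
    # consistency check; the magic bytes are the authoritative signal for content type.
    base = posixpath.basename(filename.replace("\\", "/"))
    if base != filename or base in ("", ".", "..") or "\x00" in base:
        return False, "filename must be a plain base name"  # blocks ../ and absolute paths
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in ALLOWED:
        return False, f"extension not allowed: {ext!r}"
    magic, mime = ALLOWED[ext]
    if not data.startswith(magic):
        return False, "content does not match extension"
    if declared_mime != mime:
        return False, "declared MIME type does not match content"
    return check_zip(data) if ext == "zip" else (True, "ok")

def check_zip(data):
    # Zip-bomb and traversal guard that reads only the central directory; nothing is extracted.
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
    except zipfile.BadZipFile:
        return False, "corrupt zip"
    if len(infos) > MAX_ZIP_ENTRIES:
        return False, "too many entries"
    total = sum(i.file_size for i in infos)            # sizes as declared by the archive
    compressed = max(sum(i.compress_size for i in infos), 1)
    if total > MAX_ZIP_TOTAL or total // compressed > MAX_ZIP_RATIO:
        return False, "uncompressed size or expansion ratio exceeds limit"
    if any(i.filename.startswith("/") or ".." in i.filename.split("/") for i in infos):
        return False, "entry path escapes extraction root"
    return True, "ok"

def make_zip(entries, compression=zipfile.ZIP_DEFLATED):  # constructed test input, built in memory
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()
```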
Infrastructure health, backup status, and system metrics are monitored continuously with automated alerts for anomalies.
We maintain a dedicated process to prevent supply chain attacks - dependencies are audited and images are built from verified sources.