Protect personally identifiable information
The Proto AICX Platform provides multiple data management and hosting features to comply with local privacy laws and ensure protection of customer information.
End insecure personal password usage and implement single sign-on with Google and Microsoft.
Structure employee access to the Proto AICX Platform and audience data in accordance with your organisation's data handling procedures.
Gain access to your account's resources, functionalities, and data via API for seamless integration.
Enable an allowlist of valid IP addresses for secure account access across remote teams.
Comply with national data management regulations with on-premise hosting for complete control over data storage and processing within your infrastructure.
Deploy hybrid hosting with secure connection to personal data on your virtual cloud.
Monitor user activity, manage roles, and enforce additional security with two-factor authentication.
Assign agents to teams, customise permissions, and select from multiple chat assignment options.
Set up and oversee sub-companies within your account, meeting complex business organisation needs.
Convert the Proto AICX Platform to your branding, logo, and colours for complete consistency.
Data Management FAQ
Can clients request data deletion or export their data?
Yes, your data will be automatically deleted after 30 days if you request account deletion. You can export your data directly from your Proto account or request support from our team.
Does Proto routinely carry out penetration testing?
Yes, as a requirement of SOC2 and ISO:27001 standards, Proto conducts penetration testing once a year.
Does Proto undergo external security evaluations or hold security certifications?
Yes – Proto is backed by audited security standards including SOC 2 Type II and ISO 27001. The platform also supports HIPAA and GDPR requirements for regulated workflows.
Learn more: Security and Trust portal.
Explain the methods used for user data storage and outline Proto policies regarding data retention?
User data is stored on our cloud servers, which are hosted by AWS. We keep client data for the duration of your platform subscription, and it is removed 30 days after the subscription ends, allowing you the chance to export any necessary data from the platform. If requested, your data can be deleted before this period.
How does Proto handle sensitive data and confidentiality?
Proto prioritises data security and confidentiality by implementing robust encryption protocols, access controls, and biannual penetration testing. Additionally, sensitive data is anonymised or pseudonymised whenever possible to minimise risks. Access to confidential information is strictly limited to authorised personnel, and all interactions with the platform are logged and monitored to detect and prevent any unauthorised access or data breaches.
How does the AI agent secure its interactions with external systems through APIs, ensuring authentication and data validation?
The AI agents secure API interactions with encryption protocols like HTTPS to protect data integrity and confidentiality in transit. For authentication, Proto uses API keys and OAuth tokens to guarantee that only authorised users access these APIs. To maintain data integrity, Proto enforces strict input validation and sanitisation practices on enduser inputs prior to processing. Proto also applies rate limiting and throttling to prevent misuse and promote equitable resource use. Through regular security evaluations and vulnerability scanning, Proto proactively identifies and mitigates potential security threats. Adhering to OWASP recommendations and industry norms for API security, along with continuous activity monitoring and logging, Proto swiftly addresses any abnormal actions. This approach underscores Proto's dedication to ensuring a secure, trustworthy exchange with external systems, protecting user data's privacy and integrity.
How is information securely exchanged between the AI agent system and external systems? What are the security protocols utilized?
The information is secured both when stored and during transmission. The security protocols employed include TLS and SSL.
What are measures implemented to control access to confidential information and features according to user roles?
The Proto platform offers two primary levels of user roles: Company and Team. Each level customisable across a comprehensive set of approximately 50 permissions. This granularity allows for precise control over user access and features, enabling organisations to tailor the security of the platform to meet their specific needs.
What are the capabilities for tracking and logging within Proto system?
Proto's system is equipped with extensive logging and tracking capabilities to monitor user activities. This includes keeping a detailed record of modifications in platform settings, assistant configurations, ticketing, and live chat details, providing a clear audit trail of all changes.
What is Proto's approach to security incidents? How are these incidents managed and reported?
Proto prioritises rapid response to critical incidents. Information about any possible disruptions and downtime is relayed through Proto's status page at status.proto.cx.
What measures Proto have for business continuity and disaster recovery?
Proto incorporates comprehensive business continuity and disaster recovery protocols to guarantee service availability at all times. This includes routine backups of vital data and system configurations, alongside redundant components to reduce the risk of singular failure points. Moreover, the infrastructure supporting Proto's service is strategically distributed across multiple geographic data centers, ensuring the availability of failover options during unforeseen incidents. Proto also regularly undertakes tests and simulations to affirm the effectiveness of its disaster recovery plans, aiming for swift and efficient restoration of services in the event of any disruptions.
What measures does Proto take to educate its employees about security threats and enforce best practices?
Proto uses Security Journey to offer ongoing security training to its employees and comply with SOC2 standards. This method guarantees that employees are consistently informed about potential security challenges and follow established guidelines for best practices in security.
What methods are utilised for verifying user identities and is there two-factor authentication?
The system uses email and password-based authentication, as well as Single Sign-On (SSO) options through Google and Microsoft, and it includes support for multi-factor authentication.
What processes does Proto employ to discover, evaluate, and mitigate security risks?
Proto consistently conducts reviews mandated by SOC2 and ISO:27001 standards, such as biannual penetration tests, quarterly vulnerability scans, and security assessments, to identify and evaluate security risks. Additionally, internal security tests are carried out, and proactive steps are taken to strengthen the security of our solutions.
What roles and permissions are available on the Proto platform?
The Proto platform offers granular roles and permission levels that are fully customisable to your needs. You can create roles and define precisely what each team member can access and at which level.
What steps does Proto take to support data privacy laws, and how is user data safeguarded?
Proto supports data privacy requirements such as GDPR and can be deployed for HIPAA–aligned workflows. Data is protected behind robust firewalls on secured infrastructure, with controls such as IP allowlisting, SSO, and multi–factor authentication.
Learn more: Data privacy and Security.
Where is Proto and client data hosted?
Proto and client data can be hosted on Amazon Web Services (AWS) in supported regions, including Singapore and Europe.
For data sovereignty needs, Proto supports hybrid and on–premise hosting, including hosting chats, people, and tickets in your own databases (available on Enterprise plans).
Learn more: Data privacy and Enterprise.