Built-in data privacy and security

Proto's AICX platform architecture is adaptable to evolving data privacy policies – with on-premise and proprietary AI when large language models are prohibited.
Protection standards
Trust in audited standards
Proto's SOC2 (Types I & II) and ISO 27001 certifications are the highest industry standard for messaging data.
SOC 2 Type II
ISO 27001
Data residency
Host onsite or hybrid
Deploy with local hosting solutions that are set up within two weeks.
Data access
Enforce IP access
Limit Proto AICX access to offices and remote workers with authorized IP addresses.
Data privacy
Encrypt messaging
All messaging is SHA-256 encrypted at rest and in transit.
AI Assistants
Train your dedicated LLM
Deploy a customised and secure large language model trained on your organisation’s knowledge and enhanced with ProtoAI natural language understanding – without sharing data with third-party LLM providers.
Channels
Rely on additional channel security
Engage with customers through your preferred messaging apps, each offering the latest privacy protections for billions of daily end users.

Best practices, ongoing audits

Proto’s operations, products, and people maintain the leading global data privacy and security protocols.
Certification maintenance
Our security certificates are maintained indefinitely and regularly audited by third-party compliance firms.
Employee security
Our staff and equipment meet or exceed specific international security and data protection standards.
Regular external review
Proto invests in external compliance reviews including penetration testing, vulnerability scans, and security audits.
Ongoing training
At Proto, security is never done. Regular team training programs allow us to stay at the forefront of data protection.

Security FAQ

Find answers to common security questions about Proto’s certifications, data protection measures, and compliance standards.

Can clients request data deletion or export their data?

Yes, your data will be automatically deleted after 30 days if you request account deletion. You can export your data directly from your Proto account or request support from our team.

Does Proto routinely carry out penetration testing?

Yes, as a requirement of SOC2 and ISO:27001 standards, Proto conducts penetration testing once a year.

Does Proto subject itself to external security evaluations and hold any significant security certifications?

Yes, Proto holds the SOC2 and ISO:27001 certifications, conducts penetration testing annually, and works with security organisations such as Vanta and Sentry Assurance, maintaining a high level of security for client data.

What methods are used for user data storage, and what are Proto's policies regarding data retention?

User data is stored on our cloud servers, which are hosted by AWS. We keep client data for the duration of your platform subscription, and it is removed 30 days after the subscription ends, allowing you the chance to export any necessary data from the platform. If requested, your data can be deleted before this period.

How does Proto handle sensitive data and confidentiality?

Proto prioritises data security and confidentiality by implementing robust encryption protocols, access controls, and biannual penetration testing. Additionally, sensitive data is anonymised or pseudonymised whenever possible to minimise risks. Access to confidential information is strictly limited to authorised personnel, and all interactions with the platform are logged and monitored to detect and prevent any unauthorised access or data breaches.

How does the AI assistant secure its interactions with external systems through APIs, ensuring authentication and data validation?

The AI assistants secure API interactions with encryption protocols like HTTPS to protect data integrity and confidentiality in transit. For authentication, Proto uses API keys and OAuth tokens to guarantee that only authorised users access these APIs. To maintain data integrity, Proto enforces strict input validation and sanitisation practices on end-user inputs prior to processing. Proto also applies rate limiting and throttling to prevent misuse and promote equitable resource use. Through regular security evaluations and vulnerability scanning, Proto proactively identifies and mitigates potential security threats. Adhering to OWASP recommendations and industry norms for API security, along with continuous activity monitoring and logging, Proto swiftly addresses any abnormal actions. This approach underscores Proto's dedication to ensuring a secure, trustworthy exchange with external systems, protecting user data's privacy and integrity.

How is information securely exchanged between the assistant system and external systems? What are the security protocols utilized?

The information is secured both when stored and during transmission. The security protocols employed include TLS and SSL.

What measures are implemented to control access to confidential information and features according to user roles?

The Proto AICX Platform offers two primary levels of user roles: Company and Team. Each level is customisable across a comprehensive set of approximately 50 permissions. This granularity allows for precise control over user access and features, enabling organisations to tailor the security of the platform to meet their specific needs.

What are the capabilities for tracking and logging within the Proto system?

Proto's system is equipped with extensive logging and tracking capabilities to monitor user activities. This includes keeping a detailed record of modifications in platform settings, assistant configurations, ticketing, and live chat details, providing a clear audit trail of all changes.

What is Proto's approach to security incidents? How are these incidents managed and reported?

Proto prioritises rapid response to critical incidents. Information about any possible disruptions and downtime is relayed through Proto's status page at https://status.proto.cx/.

What measures does Proto have for business continuity and disaster recovery?

Proto incorporates comprehensive business continuity and disaster recovery protocols to guarantee service availability at all times. This includes routine backups of vital data and system configurations, alongside redundant components to reduce the risk of singular failure points. Moreover, the infrastructure supporting Proto's service is strategically distributed across multiple geographic data centers, ensuring the availability of failover options during unforeseen incidents. Proto also regularly undertakes tests and simulations to affirm the effectiveness of its disaster recovery plans, aiming for swift and efficient restoration of services in the event of any disruptions.

What measures does Proto take to educate its employees about security threats and enforce best practices?

Proto uses Security Journey to offer ongoing security training to its employees and comply with SOC2 standards. This method guarantees that employees are consistently informed about potential security challenges and follow established guidelines for best practices in security.

What methods are utilised for verifying user identities and is there two-factor authentication?

The system uses email and password-based authentication, as well as Single Sign-On (SSO) options through Google and Microsoft, and it includes support for multi-factor authentication.

What processes does Proto employ to discover, evaluate, and mitigate security risks?

Proto consistently conducts reviews mandated by SOC2 and ISO:27001 standards, such as biannual penetration tests, quarterly vulnerability scans, and security assessments, to identify and evaluate security risks. Additionally, internal security tests are carried out, and proactive steps are taken to strengthen the security of our solutions.

What roles and permissions are available on the Proto AICX Platform?

The Proto AICX Platform offers granular roles and permission levels that are fully customisable to your needs. You can create roles and define precisely what each team member can access and at which level.

What steps does Proto take to ensure adherence to data privacy laws, and how is user data safeguarded?

Proto adheres to data privacy laws such as GDPR and corresponding regional privacy regulations by utilizing the AWS platform, which maintains the highest security benchmarks, as our data processing foundation. For safeguarding user privacy, the data resides behind robust firewalls on secured servers. Additionally, clients have the option to implement IP whitelisting, Single Sign-On (SSO), and multi-factor authentication to enhance security.

Where are Proto and client data hosted?

The Proto AICX Platform and client data are hosted on Amazon Web Services (AWS) in Singapore and Europe. Additionally, for clients requiring specific data management, the Enterprise Max Add-On allows the hosting of data (chats, audience information, tickets, etc.) in their own databases (On-premise hosting).