Security

Data protection & encryption#

We take data protection seriously. All data handled by trained.chat is secured using industry-standard protocols:

• Encryption at Rest: Your files and index information are stored using AES-256 encryption.
• TLS in Transit: All communications between your users, widgets, and our services are encrypted using TLS 1.3.

Sandboxed execution#

When an agent triggers custom actions, the requests run inside isolated execution environments.

These isolated sandboxes prevent prompt injection vulnerabilities or code from accessing other client configurations. This strict boundaries design guarantees that your agent's API runs can never leak credentials or cross organization structures.

Key rotation#

All connected API keys (e.g. Stripe credentials or Shopify keys) are stored in secure, hardware-encrypted vaults.

To maintain high security, our platform supports automated key rotation schedules. We recommend rotating connected keys every 90 days to prevent compromised credential issues.

Compliance#

trained.chat is built to comply with global data safety regulations:

• SOC2 Type II: Our systems are audited annually to verify strict security controls.
• GDPR compliant: We provide data protection agreements (DPA) and support complete data deletions on request.