Data & Compliance

Trust and security for 200+ home service businesses.

Our Security Posture

ConvoPilot was designed from the ground up for the US home services market. We prioritize **resilience, reliability, and region-locked data residency**. We don't just store your data; we protect it using enterprise-grade infrastructure.

SOC2 Infrastructure

Our primary database (Supabase) and compute layers (AWS Lambda & Render) maintain SOC2 Type II and ISO 27001.

PCI-DSS Level 1

We never store your credit card information. All payments are processed by **Stripe**, the gold standard for PCI-compliant financial technology.

US West Region Lockdown

We understand that US businesses prefer their data to stay home. ConvoPilot enforces **Exclusive US Data Residency**:

  • Cloud Storage: AWS US-West-2 (Oregon)
  • Real-time Edge: Render US-West Clusters
  • Cache Tier: Upstash Global (US Edge Priority)

Data Isolation and Multi-Tenancy

Your data is logically isolated from other businesses using **Transactional Tenant Guards**. Every database query is scoped to your `business_account_id` at the database level, ensuring it is impossible for your analytics, bookings, or leads to be seen by anyone else.

Privacy by Design

  • No AI Bias: Our deterministic button algorithms ensure that your customers are always guided fairly and consistently.
  • 7-Day Retention: Chat session data is kept for only 7 days to minimize risk while allowing for customer session support.
  • Idempotency: All financial and webhook transactions are fully idempotent, preventing "double-charging" or missed notifications.