01 — Architecture: who runs what

Chatworthy is intentionally built on a small number of best-in-class, independently audited providers rather than a sprawl of vendors:

Why this matters: your data inherits the physical security, network hardening, and audit posture of Google Cloud and Anthropic — controls that no small vendor could replicate alone.

02 — Encryption, everywhere data moves or rests

• In transit: all traffic — your dashboard, the chat widget on your website, and every API call — is encrypted with TLS (HTTPS). There is no unencrypted path into Chatworthy.
• At rest: the database storing your conversations and configuration is encrypted at rest by the managed database provider.
• Your AI API keys: if you bring your own OpenAI or Anthropic key, it is encrypted with AES-256-GCM before it is stored, and decrypted only in memory at the moment a reply is generated. Keys are never sent to the browser and never appear in logs; the dashboard shows only the last four characters.

03 — AI and your data: the question everyone should ask

Does the AI train on my customers' conversations? No.

Chatworthy generates replies through Anthropic's commercial API. Under Anthropic's commercial terms, API inputs and outputs are not used to train Anthropic's models. Your customers' conversations are processed to generate a reply and stored in your own Chatworthy workspace — they do not become anyone's training data.

• We send the model only what it needs to answer: the conversation, your agent's instructions, and the relevant snippets of your knowledge base.
• Your knowledge base content stays in your workspace. It is retrieved per-question, never shared across customers.
• One customer's data is never used to answer another customer's questions. Workspace isolation is enforced at the database query level on every request.

04 — Payments: card data never touches Chatworthy

In-chat payments are deliberately designed so that Chatworthy never sees, stores, or transmits card numbers. When your agent presents a payment button, the customer pays on a secure hosted checkout page operated by your payment provider — Stripe, Shopify, or Square — all PCI DSS Level 1 certified processors.

Chatworthy stores only what you configure: the offer name, the price label, and the checkout link. This keeps your business and ours outside the scope of handling raw card data, which is exactly where you want to be.

05 — Access control

• Workspace isolation: every agent, conversation, and knowledge source belongs to exactly one workspace. Every API request is checked against the signed-in user's workspace membership.
• Authentication: email + password (passwords are hashed, never stored in plain text) or Sign in with Google (OAuth 2.0).
• Team roles: you control who joins your workspace, and access can be revoked instantly from Settings → Team.
• Widget credentials: your website widget authenticates with a scoped API key that can only read its own agent's public configuration and post customer messages — it cannot read other conversations, change settings, or impersonate your team.

06 — Application security

• Contract-first validation: every API request and response is validated against a strict schema before it is processed. Malformed or unexpected input is rejected at the door.
• Rate limiting: the public chat widget and messaging endpoints are rate-limited to blunt abuse and scraping.
• Signed webhooks: inbound webhooks (such as billing events) are verified with HMAC signatures using timing-safe comparison — unsigned or tampered requests are rejected.
• Role integrity: the widget can only ever post as the customer. System and agent messages can only be created by the platform itself.
• Prompt protection: your agent's system prompt — your business logic — is never exposed through any public endpoint.

07 — Data ownership & retention

• Your data is yours. Conversations, leads, and knowledge content belong to you, not Chatworthy.
• Export: conversation transcripts are available in your dashboard; full data export is available on request.
• Deletion: deleting a knowledge source, agent, or your account removes the associated data. Workspace deletion requests are honored at privacy@chatworthy.ai.
• We don't sell data. Ever. Our business model is subscriptions, not your customer list.

08 — Compliance posture, stated honestly

Chatworthy is an early-stage platform, and we'd rather earn your trust with precision than with logos:

• Our infrastructure providers hold the certifications that matter at the infrastructure layer: Google Cloud (SOC 1/2/3, ISO 27001) and Anthropic (SOC 2 Type II, ISO 27001). Payment processing is handled by PCI DSS Level 1 providers.
• Chatworthy's own independent SOC 2 audit is on our roadmap as we scale. Enterprise customers who need contractual security commitments today — including a Data Processing Agreement — should contact security@chatworthy.ai.

09 — Found a vulnerability?

We want to hear about it before anyone else does. Email security@chatworthy.ai with steps to reproduce. We commit to acknowledging reports within 2 business days, and we will never pursue good-faith researchers who report responsibly.