Security at WaaZ
We build security into every layer of WaaZ. Learn how we protect your data, conversations, and infrastructure.
Security Practices
Encryption at Rest & in Transit
All data is encrypted using AES-256 when stored and TLS 1.3 when transmitted between your users and our servers. This includes conversation logs, uploaded documents, and account credentials.
Authentication & Access Control
WaaZ supports strong password policies, multi-factor authentication (MFA), and role-based access control (RBAC). Admins can manage team permissions and restrict access to sensitive features.
Secure Infrastructure
Our infrastructure runs on cloud providers that maintain SOC 2 Type II and ISO 27001 certifications. We use isolated environments, automated patching, and continuous vulnerability scanning.
Data Isolation
Each customer's data is logically separated. AI Employees only access the knowledge bases and conversations they are explicitly authorized to handle — no cross-tenant data access.
Vulnerability Management
We conduct regular penetration testing, dependency scanning, and automated security audits. Known vulnerabilities are patched promptly, and we run a responsible disclosure program for security researchers.
Backups & Recovery
Automated daily backups with point-in-time recovery ensure your data is protected against accidental deletion or system failures. Backups are encrypted and stored in geographically distributed regions.
Compliance & Certifications
SOC 2 Type II
Our infrastructure provider maintains SOC 2 Type II certification for security, availability, and confidentiality.
GDPR Ready
WaaZ is designed to support GDPR compliance with data deletion, export, and processing restriction capabilities.
ISO 27001
Our hosting environment is certified under ISO 27001 for information security management.
Have a Security Question?
If you have found a vulnerability or have a security concern, please reach out to our team.
security@waaz.ai