Security

Security you can verify

SiteGPT has completed a SOC 2 Type II examination, is GDPR certified, and is HIPAA assessed. Your data is encrypted, access-controlled, and never used to train AI models.

Your conversations are yours

As an AI-powered product, we hold ourselves to a higher standard on data handling.

We never train on your data

Your conversations, training data, and customer interactions are never used to train or fine-tune any AI models. Period.

Zero data retention with LLM providers

Messages sent to OpenAI for processing are not used for training. OpenAI's API data usage policy states that API inputs and outputs are not used to train their models.

You own your data

Export or delete your data anytime. No lock-in, no data hostage situations. Your content, your conversations, your control.

Compliance certifications

Independently verified by third-party auditors.

SOC 2® Type II

Completed a SOC 2 Type II examination covering security, availability, and confidentiality trust service criteria. Audited by an independent CPA firm with zero exceptions noted across all tested controls.

  • Security, availability & confidentiality
  • Report available for Enterprise customers

GDPR Compliant

Certified compliant with the EU General Data Protection Regulation by DPLMC International. Full compliance with data protection requirements for EU customers.

  • Data Processing Agreement available
  • Subprocessor list published

HIPAA Compliant

Assessed by DPLMC International for compliance with HIPAA security and privacy requirements. Safeguards in place for Protected Health Information.

  • Business Associate Agreement available
  • Available on Enterprise plan

How we protect your data

Encryption

All data is encrypted in transit with TLS 1.2+ and encrypted at rest. No unencrypted data leaves our systems.

Access controls

Role-based permissions for team members. Control who can access chatbot settings, training data, and conversation history.

Infrastructure

Deployed on Cloudflare Workers at the edge for low latency and high availability. Database access managed through Prisma Accelerate.

Vendor management

All subprocessors are vetted and documented. Full subprocessor list published at /legal/subprocessors.

Data processing

Data Processing Agreement available for Enterprise customers for GDPR compliance.

Monitoring

Continuous monitoring of infrastructure and application security. Automated alerting for anomalous activity.
