Trust

Security & Data Protection

Last updated: June 26, 2026

Savanto provides AI-powered search, chat, and recommendation widgets that embed on your website. This page summarizes how we protect and handle the data involved. It is intended for security and procurement review. For formal contractual terms, see our Data Processing Agreement (available on request) and our Privacy Policy.

At a glance

  • Hosting — Amazon Web Services (United States)
  • Encryption in transit — TLS 1.2 or higher
  • Encryption at rest — AES-256 via AWS managed services
  • Data ownership — You own all of your data; full export anytime
  • AI training — No training on your data without written consent
  • Tenant isolation — Logical segregation by tenant across all data stores
  • Breach notification — Within 72 hours of becoming aware
  • Independent audit — SOC 2 Type II in progress (target Q3 2026)
  • DPA — Available on request (GDPR / UK GDPR ready)

Data ownership

You own all of your data — indexed content, search queries, chat transcripts, and analytics. You can export it in full at any time, with no vendor lock-in. We do not sell your data.

We do not use your data to train general-purpose AI models without your written consent. We may use aggregated, anonymized signals to improve the product, and you can opt out of that.

What data we process

The widgets process the content you index for search and chat, plus the interactions of your website visitors with those widgets — for example, chat message contents, search queries, IP addresses, browser/session identifiers, and any contact information a visitor voluntarily submits. Customers are contractually prohibited from submitting special-category (sensitive) personal data.

The assistant is designed not to collect personal data and never asks for it. An automatic safeguard detects common personal data patterns — such as credit card numbers, government identifiers, phone numbers, and addresses — and stops the message before the assistant processes it, prompting the visitor not to share sensitive details in chat.

Encryption

  • In transit — all data is encrypted using TLS 1.2 or higher.
  • At rest — all data is encrypted using AES-256, via the encryption provided by the underlying AWS managed services (DynamoDB, S3, OpenSearch, and block storage).

Access control

  • Production access requires multi-factor authentication.
  • Access is granted on a least-privilege basis and reviewed periodically.
  • All production access is logged and auditable.

Network and infrastructure security

  • Production workloads run within isolated AWS Virtual Private Cloud (VPC) environments with restrictive security-group rules.
  • Public-facing endpoints are fronted by AWS-managed edge protections, including TLS termination and DDoS mitigation.
  • Internal service-to-service traffic is confined to the VPC.

Tenant isolation

Your data is logically segregated by tenant identifier throughout our data stores. One customer's content, queries, and transcripts are never commingled with another's.

Monitoring and logging

  • Application and infrastructure logs are aggregated to AWS CloudWatch with retention sufficient for security investigation.
  • Anomalous activity triggers alerts to our on-call rotation.
  • Production deployments are recorded and traceable.

Vulnerability management

  • Dependency vulnerability scanning runs on every code change through automated CI tooling.
  • Operating-system and platform patching is handled on a regular cadence by the underlying AWS managed services.

Incident response

We maintain a documented security-incident response process covering detection, containment, investigation, customer notification, and post-incident review. In the event of a personal-data breach, we notify affected customers without undue delay and no later than 72 hours after becoming aware.

Personnel

All personnel with access to customer data are bound by confidentiality obligations and receive security-awareness guidance at onboarding.

Subprocessors

We engage a small number of subprocessors to deliver the service. As of the date above:

  • Amazon Web Services, Inc. (United States) — Cloud infrastructure: compute, storage, search, message queuing, and ML inference.
  • OpenAI, LLC (United States) — Large language model inference for chat and search pipelines.
  • Anthropic, PBC (United States) — Large language model inference (Claude models) for chat and search pipelines.

We provide advance written notice of any change to this list under our Data Processing Agreement. If you configure a custom integration that calls a third-party API, that provider becomes a subprocessor for your traffic and is listed in your agreement.

Data retention

By default, conversation transcripts are retained for 90 days and then deleted. Indexed content is retained until you remove it. Visitor personalization preferences expire automatically and are covered by the same ownership and deletion controls. Custom retention periods can be agreed in your order form.

Compliance and certifications

  • SOC 2 Type II — in progress, with a target of Q3 2026. We do not yet hold an independent third-party audit certification. Until certification is complete, we support vendor security reviews with this overview, our Data Processing Agreement, and completed security questionnaires (e.g. SIG / CAIQ) on request.
  • GDPR / UK GDPR — our Data Processing Agreement incorporates lawyer-vetted standard terms, with EU Standard Contractual Clauses and the UK Addendum for international transfers. Available on request.

Contact

Security questions and requests (DPA, questionnaires, subprocessor list): security@savanto.ai.

For general inquiries, visit our Contact page.