Trust Center
Data Use, Security, and Compliance
This page summarizes how HoverBot handles customer data, model training controls, retention, service reliability, and compliance progress.
Compliance status
Certifications and compliance at a glance
GDPR + PDPA Controls
Operational privacy controls including retention schedules, access governance, and quarterly policy reviews.
SOC 2 Type II
Control maturity workstream active. Evidence collection and readiness documentation targeting H2 2026 audit.
ISO 27001
Scoping and sequencing decisions under evaluation following SOC 2 milestone progress.
Data Use Policy
Last reviewed: March 2026
- Customer conversation data belongs to the customer account owner.
- Data is processed to provide chatbot responses, analytics, and support workflows.
- Model-improvement usage is controlled at tenant level. Accounts can request exclusion from model improvement processing.
- Sensitive values are redacted by policy rules before downstream model calls when configured.
Retention Schedule
Last reviewed: March 2026
| Data Type | Default Retention | Notes |
|---|---|---|
| Conversation transcripts | 30 days | Adjustable by contract on enterprise plans |
| Operational logs | 12 months | Used for security and incident investigations |
| Lead capture exports | Per destination system policy | Governed by CRM/helpdesk retention settings |
Security Controls
Last reviewed: March 2026
- Encryption in transit and at rest
- Role-based access controls and audit logs
- PII masking and guardrail enforcement options
- Incident response triage with security contact workflow
Uptime and Reliability
Last reviewed: March 2026
HoverBot targets 99.9% monthly availability objective for production services. Public uptime metrics and incident summaries are shared through customer support channels while we finalize a dedicated public status page.
Enterprise SLA terms are available through contractual agreements.
Compliance Status
Last reviewed: March 2026
- GDPR and PDPA operational controls in place
- SOC 2 Type II readiness work in progress
- Quarterly policy and control review cadence
Compliance Roadmap
Last reviewed: March 2026
GDPR + PDPA controls (operational)
Retention, access governance, and policy controls are active in current operations.
SOC 2 Type II (target: H2 2026)
Readiness workstream in progress with controls and evidence collection.
ISO 27001 (evaluation phase)
Scoping and sequencing decisions are being evaluated after SOC 2 milestones.
Evidence for Published Claims
Last reviewed: March 2026
- Chatbot Benchmark Methodology for metric definitions, sample windows, and confidence notes.
- E-commerce Support Automation - measured backlog, CSAT, and response-time outcomes.
- Real Estate Lead Qualification - measured conversion, booking rate, and speed-to-contact outcomes.
- SaaS Onboarding Automation - measured activation and onboarding support outcomes.
Third-party listings and reviews
HoverBot is listed on the following independent platforms. Visit these profiles for external reviews, ratings, and independent assessments.
Questions or requests
For data-processing questions, model training opt-out, or security documentation requests, contact our team and reference “Trust Center”.
Compliance & data handling FAQ
How HoverBot approaches compliance, GDPR, and PII as a compliance-first AI chatbot platform.
Is HoverBot a compliance-first AI chatbot platform?+
Yes. HoverBot is built compliance-first: PII masking, guardrails, DLP and content filtering, per-tenant isolation, and exclusion of customer data from model training are part of the platform rather than add-ons.
How does HoverBot support chatbot GDPR compliance?+
HoverBot supports GDPR through data minimization (PII masking and redaction before prompts and logs), purpose limitation, configurable retention, access controls, and data residency options. Customers remain the data controller; HoverBot acts as a processor under a DPA.
Does HoverBot train its models on our customer data?+
No. Customer conversations and uploaded knowledge are not used to train shared or third-party foundation models. Data stays isolated to your tenant and is used only to operate your chatbots.
Can HoverBot mask PII and apply DLP on customer support chatbots?+
Yes. PII masking and DLP/content filtering run on both inbound queries and model outputs, so sensitive data is detected and protected before it is stored, logged, or shown in customer support conversations.