Trust Center

Data Use, Security, and Compliance

This page summarizes how HoverBot handles customer data, model training controls, retention, service reliability, and compliance progress.

Compliance status

Certifications and compliance at a glance

Active

GDPR + PDPA Controls

Operational privacy controls including retention schedules, access governance, and quarterly policy reviews.

In progress

SOC 2 Type II

Control maturity workstream active. Evidence collection and readiness documentation targeting H2 2026 audit.

Evaluating

ISO 27001

Scoping and sequencing decisions under evaluation following SOC 2 milestone progress.

Data Use Policy

Last reviewed: March 2026

  • Customer conversation data belongs to the customer account owner.
  • Data is processed to provide chatbot responses, analytics, and support workflows.
  • Model-improvement usage is controlled at tenant level. Accounts can request exclusion from model improvement processing.
  • Sensitive values are redacted by policy rules before downstream model calls when configured.

Retention Schedule

Last reviewed: March 2026

Data TypeDefault RetentionNotes
Conversation transcripts30 daysAdjustable by contract on enterprise plans
Operational logs12 monthsUsed for security and incident investigations
Lead capture exportsPer destination system policyGoverned by CRM/helpdesk retention settings

Security Controls

Last reviewed: March 2026

  • Encryption in transit and at rest
  • Role-based access controls and audit logs
  • PII masking and guardrail enforcement options
  • Incident response triage with security contact workflow

Uptime and Reliability

Last reviewed: March 2026

HoverBot targets 99.9% monthly availability objective for production services. Public uptime metrics and incident summaries are shared through customer support channels while we finalize a dedicated public status page.

Enterprise SLA terms are available through contractual agreements.

Compliance Status

Last reviewed: March 2026

  • GDPR and PDPA operational controls in place
  • SOC 2 Type II readiness work in progress
  • Quarterly policy and control review cadence

Compliance Roadmap

Last reviewed: March 2026

GDPR + PDPA controls (operational)

Retention, access governance, and policy controls are active in current operations.

SOC 2 Type II (target: H2 2026)

Readiness workstream in progress with controls and evidence collection.

ISO 27001 (evaluation phase)

Scoping and sequencing decisions are being evaluated after SOC 2 milestones.

Evidence for Published Claims

Last reviewed: March 2026

Third-party listings and reviews

HoverBot is listed on the following independent platforms. Visit these profiles for external reviews, ratings, and independent assessments.

Questions or requests

For data-processing questions, model training opt-out, or security documentation requests, contact our team and reference “Trust Center”.

Compliance & data handling FAQ

How HoverBot approaches compliance, GDPR, and PII as a compliance-first AI chatbot platform.

Is HoverBot a compliance-first AI chatbot platform?+

Yes. HoverBot is built compliance-first: PII masking, guardrails, DLP and content filtering, per-tenant isolation, and exclusion of customer data from model training are part of the platform rather than add-ons.

How does HoverBot support chatbot GDPR compliance?+

HoverBot supports GDPR through data minimization (PII masking and redaction before prompts and logs), purpose limitation, configurable retention, access controls, and data residency options. Customers remain the data controller; HoverBot acts as a processor under a DPA.

Does HoverBot train its models on our customer data?+

No. Customer conversations and uploaded knowledge are not used to train shared or third-party foundation models. Data stays isolated to your tenant and is used only to operate your chatbots.

Can HoverBot mask PII and apply DLP on customer support chatbots?+

Yes. PII masking and DLP/content filtering run on both inbound queries and model outputs, so sensitive data is detected and protected before it is stored, logged, or shown in customer support conversations.