Security at Novara.chat
We take the security of your data seriously. Here's how we protect your information and your customers' conversations.
Encryption in Transit
All data transmitted between your browser and our servers is encrypted using TLS 1.3. API communications are secured with HTTPS.
Encryption at Rest
Your training content, conversations, and account data are encrypted at rest using AES-256 encryption in our database.
Secure Authentication
We use industry-standard authentication with secure password hashing (bcrypt). Magic link authentication eliminates password risks.
Data Isolation
Each customer's data is logically isolated with row-level security policies. Your chatbot only accesses your training content.
Domain Restrictions
Configure which domains can load your chatbot widget. Prevent unauthorized embedding and protect your chatbot from misuse.
Regular Audits
We perform regular security assessments and keep our infrastructure updated with the latest security patches.
Infrastructure Security
Novara.chat is hosted on Vercel's secure infrastructure with:
- Automatic DDoS protection
- Global edge network for fast, secure delivery
- Automatic HTTPS for all traffic
- SOC 2 Type II certified infrastructure
Database Security
Our database is powered by Supabase (PostgreSQL), providing:
- Enterprise-grade security with SOC 2 compliance
- Row-Level Security (RLS) policies to isolate customer data
- Encrypted backups with point-in-time recovery
- Automatic failover and high availability
- Network isolation with private subnets
Payment Security
All payment processing is handled by Stripe:
- PCI DSS Level 1 certified (highest level)
- We never store or access your full credit card details
- Tokenized payment methods for recurring billing
- Fraud detection and prevention
AI Model Security
We use OpenAI's API for chatbot responses with these safeguards:
- Your training content is sent to OpenAI for processing only
- OpenAI does not use your data to train their models (API data usage policy)
- Conversations are processed in real time and not stored by OpenAI
- Enterprise-grade API security with encrypted connections
Access Controls
- Strong password requirements with secure hashing
- Session management with automatic expiration
- Rate limiting to prevent brute-force attacks
- Admin access to customer data is strictly limited and logged
Data Backup & Recovery
- Automatic daily backups with point-in-time recovery
- Backups are encrypted and stored in geographically separate locations
- 30-day backup retention for disaster recovery
- Regular backup restoration testing
Compliance
We are committed to meeting industry standards and regulations:
- GDPR: Data processing agreements, right to deletion, data portability
- CCPA: California consumer privacy rights compliance
- iOS App Store: Apple privacy guidelines compliance
- Shopify: Shopify app security requirements
Your Data Rights
We provide self-service tools for data management:
- Export Data: Download all your data in JSON format via Account Settings
- Delete Account: Permanently delete your account and all data via Account Settings
- Data Retention: See our Privacy Policy for retention periods
Incident Response
We have incident response procedures in place:
- 24/7 monitoring for security anomalies
- Documented incident response plan
- Notification within 72 hours for data breaches affecting your data
- Post-incident analysis and remediation
Responsible Disclosure
If you discover a security vulnerability, please report it to support@novara.chat. We appreciate responsible disclosure and will:
- Acknowledge receipt within 48 hours
- Provide an estimated timeline for resolution
- Keep you informed of progress
- Credit you in any public disclosure (if desired)
Security Summary
- AES-256 encryption at rest
- TLS 1.3 encryption in transit
- Row-level security isolation
- SOC 2 compliant providers
- DDoS protection
- Global edge network
- Secure authentication
- Session management
- Rate limiting
- Security questions: support@novara.chat
- Vulnerability reports welcome
- 72-hour breach notification
Questions?
For security-related questions or concerns:
- Email: support@novara.chat
- Support: novara.chat/support
Operated by: AIBoost365
© 2026 Novara.chat. All rights reserved.