Data handling and privacy commitments
What data AskVault stores
Three categories:
- Customer-facing content. Knowledge sources (documents, URLs, snippets) you upload. Used for the bot's answers.
- Conversation data. Messages, metadata, citations, agent actions, audit logs.
- Account data. Your user account info, billing details, team membership.
What we don't store:
- Credit card numbers. Handled by payment processors only. Not in AskVault scope.
- Passwords. Stored as one-way salted hashes, never the plaintext.
- Encryption keys for your data. Held in dedicated key-management infrastructure separately from the data itself.
Encryption
Two layers:
At rest. AES-256 encryption on every database, every file storage bucket, every backup. Industry standard for customer data.
In transit. TLS 1.3 with TLS 1.2 fallback. Every API call, every webhook delivery, every browser session.
Cipher choice: modern AEAD ciphers (AES-GCM, ChaCha20-Poly1305); the ephemeral key exchange negotiated by TLS provides forward secrecy.
Never used for training
A clear commitment:
- Your content is not used to train shared AI models.
- Your conversations are not used to train shared AI models.
- Your customer data is not used to train shared AI models.
This applies to LLM providers we route through (we configure no-training flags where available) and to AskVault itself.
If we ever offered an opt-in "improve the AI" feature, it would be explicit, off by default, and revocable. Today, no such feature exists.
Per-workspace isolation
Every workspace has logical isolation:
- Vector indexes scoped by workspace_id. Retrieval queries can never return chunks from another workspace.
- Conversations scoped by workspace_id. API calls authenticated with one workspace's key can't read another's data.
- Audit logs scoped by workspace_id.
Code paths enforce this at every layer (router, service, query builder). A cross-workspace data leak would require a logic bug; we test extensively to prevent one.
For Enterprise customers with stricter requirements, physical isolation is available (dedicated infrastructure per workspace).
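How the layered scoping described above can be enforced in code, as an added illustration (not AskVault's own code): a Principal bound to one workspace, a query builder that refuses to run without a workspace_id, a service check that the key matches the requested workspace, and a lookup that answers not-found rather than forbidden for another workspace's ids. The table schema, the Principal/ScopeError names and the sample rows are assumptions constructed for this example.

```python
import sqlite3
from dataclasses import dataclass

ROWS = [("conv_1", "ws_a", "hello from A"),  # constructed sample rows, hypothetical schema
        ("conv_2", "ws_a", "second A"),
        ("conv_3", "ws_b", "hello from B")]

@dataclass(frozen=True)
class Principal:
    """Authenticated caller: an API key bound to exactly one workspace."""
    key_id: str
    workspace_id: str

class ScopeError(PermissionError): "Raised when a layer would operate without, or outside, its workspace scope."

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE conversations (id TEXT, workspace_id TEXT, body TEXT)")
    conn.executemany("INSERT INTO conversations VALUES (?, ?, ?)", ROWS)
    return conn

def build_scoped_query(workspace_id, conv_id=None):
    """Query-builder layer: the workspace_id predicate is mandatory, never optional."""
    if not workspace_id:
        raise ScopeError("workspace_id is required for every query")
    sql = "SELECT id, workspace_id, body FROM conversations WHERE workspace_id = ?"
    params = (workspace_id,)
    if conv_id is not None:  # extra filters are ANDed onto the scope, never replace it
        sql += " AND id = ?"
        params += (conv_id,)
    return sql, params

def list_conversations(conn, principal, requested_ws):
    """Service layer: the caller's key must be bound to the workspace it asks about."""
    if principal.workspace_id != requested_ws:
        raise ScopeError(f"key {principal.key_id} is not bound to {requested_ws}")
    sql, params = build_scoped_query(requested_ws)
    return conn.execute(sql, params).fetchall()

def get_conversation(conn, principal, conv_id):
    """Router-style lookup: scope comes from the key, so a foreign id reads as not-found."""
    sql, params = build_scoped_query(principal.workspace_id, conv_id)
    return conn.execute(sql, params).fetchone()

def is_denied(fn, *args):
    """True when scope enforcement refuses the call."""
    try:
        fn(*args); return False
    except ScopeError:
        return True
```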
Data retention
Standard retention:
| Data type | Retention | Override |
|---|---|---|
| Active conversations | Until resolved + 365 days | Configurable |
| Resolved conversations | 365 days | Configurable up to 6 years on Enterprise |
| Audit logs | 365 days | 6 years on Enterprise |
| Backups | 90 days rolling | N/A |
| Deleted-account data | Wiped within 30 days | N/A |
| Cancelled-account data | Wiped within 30 days | N/A |
Configure per workspace under Workspace Settings > Data Retention.
Data deletion
Three deletion paths:
Per-conversation. Under Live Chat > [conversation] > Danger Zone > Delete. Conversation removed from active surfaces within 60 seconds; purged from backups at 90 days.
Per-contact (GDPR Right to Erasure). Under Contacts > [contact] > Danger Zone > Delete. Removes the contact and all linked conversations. Useful for GDPR Article 17 requests.
Per-workspace. Under Workspace Settings > Danger Zone > Delete. Wipes all data tied to the workspace within 30 days.
API endpoints exist for all three paths. Bulk operations available for high-volume requests.
Data portability (export)
Under GDPR Article 20 (and equivalent regulations):
- Per-contact export. All conversations, audit, attributes for one contact as JSON.
- Per-workspace export. Full data dump as JSON or CSV.
- Conversation export. Single conversation as JSON, CSV, or PDF transcript.
Exports complete within minutes for small workspaces; larger ones (over 10,000 conversations) split into chunks delivered via secure download links.
Sub-processors
We use sub-processors to deliver the service:
- Hosting and infrastructure. Cloud providers running SOC 2 Type II infrastructure.
- LLM providers. OpenAI (some features), Google (Gemini), with no-training flags set.
- Email delivery. Transactional email provider for verification, alerts, notifications.
- Payment processing. Razorpay (INR primary), Stripe (international, configured).
- Analytics. PostHog (EU region), Cloudflare Web Analytics.
Full list under sub-processors with the categories of data each handles.
Customer-data processing roles
Per GDPR roles:
- AskVault is the data processor. We handle data on your instructions.
- You are the data controller for the customers who interact with your bot.
- End customers are the data subjects.
A standard DPA covers this relationship. Enterprise customers sign a custom DPA; smaller plans get a click-through DPA covering the same terms.
Regional data residency
Where data is stored:
- Standard accounts. A single primary region with backups in nearby zones.
- EU customers requiring data residency. EU-region storage available on Business and above.
- Enterprise with strict locality. Dedicated infrastructure in the customer's chosen region.
Configure under Workspace Settings > Data Residency (Business and above).
Audit and access control
Who can access your data:
On your side.
- Workspace admins: full access.
- Editors: knowledge and conversations.
- Viewers: read-only.
- API keys: scoped to specified permissions.
On our side.
- No engineer accesses customer data routinely.
- Break-glass procedures for incident response require multi-party approval and audit logging.
- All admin access logged in an audit system retained for the workspace's retention period.
Evidence available on request for SOC 2 audits.
Security posture summary
- SOC 2 Type II. Infrastructure-level controls inherited from our hosting providers; AskVault-specific controls audited.
- HIPAA. BAA-eligible on Enterprise. Don't process protected health information on lower tiers.
- GDPR. Full compliance: lawful basis, data subject rights, breach notification within 72 hours.
- CCPA / CPRA. Compliant: opt-out, deletion, portability.
- TLS 1.3 plus AES-256. Industry-standard encryption.
- Daily backups, 90-day retention.
- Penetration testing. Annual third-party assessment.
See security overview for the full posture.
Customer-led data deletion
For GDPR or CCPA requests:
```bash
curl -X DELETE https://api.askvault.co/v1/contacts/contact_xxx \
  -H "Authorization: Bearer ak_xxx" \
  -H "X-Reason: gdpr_right_to_erasure"
```
Triggers immediate deletion and logs the legal basis. Backup purge follows the 90-day cycle.
For bulk requests, contact support; we coordinate within 30 days as required by GDPR.
Breach response
If a security incident occurs:
- Detection. Monitoring catches anomalies within minutes.
- Containment. Affected systems isolated within 1 hour.
- Investigation. Root cause analysis within 24 hours.
- Notification. Affected customers notified within 72 hours per GDPR.
- Remediation. Fix deployed, monitoring confirms.
- Postmortem. Public summary published.
See incident response policy for the full procedure.
Logging and observability
What we log:
- API access events. Method, path, status, timestamp, user/key ID.
- Authentication events. Login, password change, MFA challenges.
- Data-modifying actions. Create, update, delete on customer data.
- Bot conversations. Full transcript for the workspace's retention period.
What we don't log:
- Plaintext passwords.
- API key values.
- Card numbers, CVV.
- HMAC secrets, OAuth tokens.
Sensitive fields are redacted at the logging layer.
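An added example (not AskVault's code) of logging-layer redaction as described above: keys from the never-logged list are replaced wholesale, and free-text values are scanned for bearer tokens, ak_-prefixed keys and Luhn-valid card numbers so that a customer pasting a card into a chat does not land it in the logs. The field-name list, the ak_ key prefix and the sample event are assumptions constructed for this example.

```python
import re

# Field names the page says are never logged, plus common aliases (assumed names).
SENSITIVE_KEYS = {"password", "passwd", "api_key", "authorization", "card_number", "pan",
                  "cvv", "cvc", "hmac_secret", "webhook_secret", "oauth_token",
                  "access_token", "refresh_token"}
REDACTED = "[REDACTED]"
BEARER_RE = re.compile(r"Bearer\s+[A-Za-z0-9._\-]+")
API_KEY_RE = re.compile(r"\bak_[A-Za-z0-9_]+\b")   # assumed key prefix, as in ak_xxx above
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits):
    """Luhn checksum, so only plausible card numbers are redacted, not every long number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scrub_text(value):
    """Redact secrets embedded in free-text values (messages, notes, error strings)."""
    value = BEARER_RE.sub("Bearer " + REDACTED, value)
    value = API_KEY_RE.sub(REDACTED, value)
    def card(m):
        return REDACTED if luhn_ok(re.sub(r"[ -]", "", m.group(0))) else m.group(0)
    return CARD_RE.sub(card, value)

def redact(event):
    """Return a redacted copy of a log event; the original object is left untouched."""
    if isinstance(event, dict):
        return {k: REDACTED if k.lower() in SENSITIVE_KEYS else redact(v)
                for k, v in event.items()}
    if isinstance(event, list):
        return [redact(v) for v in event]
    if isinstance(event, str):
        return scrub_text(event)
    return event

# Constructed sample event (not a real log line).
SAMPLE_EVENT = {
    "method": "POST", "path": "/v1/auth/login", "status": 200,
    "body": {"email": "a@example.com", "password": "hunter2"},
    "headers": {"Authorization": "Bearer ak_live_abc123", "X-Reason": "gdpr_right_to_erasure"},
    "note": "customer pasted card 4111 1111 1111 1111; request id 1700000000123",
}

def redacted_sample():
    return redact(SAMPLE_EVENT)
```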
Planned commitments (on the roadmap)
Listed here for transparency about what we plan to add:
- Customer-managed encryption keys (CMK). Today, AskVault manages encryption keys. CMK / BYOK planned for Enterprise.
- Confidential-compute mode. Today, standard encryption. Confidential VMs for Enterprise workloads planned.
- Per-conversation auto-deletion timer. Today, retention is workspace-scoped. Per-conversation timers planned.
- Selective LLM provider opt-out. Today, provider routing is workspace-scoped. Per-conversation provider choice planned.
FAQ
Is my data used to train AskVault's AI?
No. Your content and conversations stay yours.
Where is my data stored?
Standard accounts: primary region with regional backups. EU residency available on Business and above. Specific regions available on Enterprise.
How long do you keep data after I delete it?
Active deletion within 60 seconds; backups purge within 90 days. Hard-delete after 90 days.
Can I export everything?
Yes. Per-conversation, per-contact, or per-workspace exports available in JSON or CSV.
What happens to my data if AskVault shuts down?
The DPA covers a 90-day wind-down window with full data export and verifiable deletion at end-of-window.