De-risk your AI upgrade with our leading data, security, and regulatory compliance standards

When it comes to the next generation of tooling for customer success, Chat-GPT and a wealth of early prototype apps have made it difficult to identify the biggest opportunities and mitigate the risks. Our platform is trusted by clients like BMW and Legal & General, because we specialise in securing both your company’s and your customer’s data as a priority. Whether you’re a retailer who can’t afford the brand impact from being hacked, a fintech that needs to meet FCA regulatory standards, or a public sector organisation dealing with sensitive information, you can trust that our platform meets the toughest standards.

Bulletproof account security

You decide which members of your team have access to your AI assistant and we’ll do the rest to secure all your accounts:

  • Two-factor authentication (2FA)
  • Granular role-based access control
  • Integration with external identity providers on request
  • Encryption at rest and in transit: 256-bit AES encryption at rest and TLS 1.2 for encrypting data in transit

Security for your customer and their data

As the data processor, we store your conversation information and review its content responsibly:

  • Removal of personal data (redaction)
  • Annual penetration testing by a CREST member company that has NCSC CHECK Green Light status
  • Principal of least privilege
  • SOC 2 compliant data centres

Compliance

Our compliance regulation is robust, even for insurance companies and finance providers who have lots of governance rules to follow:

  • GDPR compliant
  • Designed to WCAG 2.1 AA standard inc. screen readers, font sizes, keyboard navigation, and colour management
  • Cyber Essentials Plus certification
  • All data in UK and EU

Cloud security

Our platform is cloud based. Join today and you’ll benefit from the highest security features, reliability, and scalability of Amazon Web Services (AWS) as our chosen cloud provider.

  • Backups stored within the UK/EU for 13 months
  • Physical security of data centres provided by AWS
  • No data is accessible by cloud providers

Vulnerability management

Finally, we always keep our defences up:

  • Automatic DDoS protection
  • Automatic dependency scanning within software
  • Scanning of third-party software
  • Blocking of IP addresses
  • Patch release in line with severity

Policy documents

You need to know we have strict policies in place to manage security and these are updated annually, with internal audits carried out quarterly. Here’s just a handful of examples:

  • Data protection (read our Privacy Policy)
  • Information technology
  • Change management
  • Risk management
  • Security
  • Security incidents
  • Disaster recovery plan
  • Break-glass procedure

Best practice

  • We apply secure coding practices including the OWASP Top 10
  • Overall access is restricted to EBI employees only

If you have any questions about security or compliance in industries like insurance or local government, or want to know more about how we can support you with compliance issues, book a call and we’ll be happy to talk some more.

Meet us

Case Studies

Security & compliance

Legal & General Insurance: Using AI to answer 4,000 customer queries a month

Why 83% of Legal and General Insurance customers turn to their AI assistant, smarthelp, first for help with their insurance.

5 min read

Read more

Security & compliance

Legal & General Insurance: Using AI to answer 4,000 customer queries a month

Why 83% of Legal and General Insurance customers turn to their AI assistant, smarthelp, first for help with their insurance.

5 min read

Read more