Security - EBI.AI

When it comes to the next generation of tooling for customer success, Chat-GPT and a wealth of early prototype apps have made it difficult to identify the biggest opportunities and mitigate the risks. Our platform is trusted by clients like BMW and Legal & General, because we specialise in securing both your company’s and your customer’s data as a priority. Whether you’re a retailer who can’t afford the brand impact from being hacked, a fintech that needs to meet FCA regulatory standards, or a public sector organisation dealing with sensitive information, you can trust that our platform meets the toughest standards.

Bulletproof account security

You decide which members of your team have access to your AI assistant and we’ll do the rest to secure all your accounts:

Two-factor authentication (2FA)
Granular role-based access control
Integration with external identity providers on request
Encryption at rest and in transit: 256-bit AES encryption at rest and TLS 1.2 for encrypting data in transit

Security for your customer and their data

As the data processor, we store your conversation information and review its content responsibly:

Removal of personal data (redaction)
Annual penetration testing by a CREST member company that has NCSC CHECK Green Light status
Principal of least privilege
SOC 2 compliant data centres

Compliance

Our compliance regulation is robust, even for insurance companies and finance providers who have lots of governance rules to follow:

GDPR compliant
Designed to WCAG 2.1 AA standard inc. screen readers, font sizes, keyboard navigation, and colour management
Cyber Essentials Plus certification
All data in UK and EU

Change management

If we make any changes to our platform you’re protected by:

Peer code reviews

Code auditing

Robust unit testing

Continuous integration

Active monitoring

Change advisory board

Deployment log

Cloud security

Our platform is cloud based. Join today and you’ll benefit from the highest security features, reliability, and scalability of Amazon Web Services (AWS) as our chosen cloud provider.

Backups stored within the UK/EU for 13 months
Physical security of data centres provided by AWS
No data is accessible by cloud providers

Vulnerability management

Finally, we always keep our defences up:

Automatic DDoS protection
Automatic dependency scanning within software
Scanning of third-party software
Blocking of IP addresses
Patch release in line with severity

Policy documents

You need to know we have strict policies in place to manage security and these are updated annually, with internal audits carried out quarterly. Here’s just a handful of examples:

Data protection (read our Privacy Policy)
Information technology
Change management
Risk management
Security
Security incidents
Disaster recovery plan
Break-glass procedure

Best practice

We apply secure coding practices including the OWASP Top 10
Overall access is restricted to EBI employees only

If you have any questions about security or compliance in industries like insurance or local government, or want to know more about how we can support you with compliance issues, book a call and we’ll be happy to talk some more.

Meet us