Welcome to the Conversica Trust Center. We recognize that trust is built on transparency and earned with experience. For more than a decade we have been providing AI-powered digital assistant solutions from a SaaS platform, and we have implemented numerous safeguards to protect the data which our customers entrust to us.
Yes. We have processes in place to honor data subject requests. If we receive a request directly from a data subject for whom a Customer is the data controller, we will relay the request to the Customer for their response.
Yes. Every new vendor must be vetted by the Legal and Security teams. This process includes completion of a detailed questionnaire, analysis of whether the vendor will have access to personal data, and submission of their security certifications.
Yes. Conversica has been certified by an independent auditor for compliance with the following standards: SOC II Type 2 Security Trust Principle and ISO/ICE 27001:2013. In addition, Conversica annually self-certifies its adherence to the EU-US and Switzerland-US Privacy Shield Frameworks.
Yes. We have processes in place to honor data subject requests. Conversica will export, correct, or delete personal data for which a Customer is the data controller upon the Customer's request. If we receive a request directly from a data subject, we will work with the associated customer to honor the request.
Conversica does utilize sub-processors who are listed at https://www.conversica.com/sub-processor/list-of-subprocessors/ All Customer Data is stored in Amazon Web Services data centers. The other sub-processors may or may not see a particular Customer’s data depending on which Conversica products and services that Customer is using.
Our clients utilize our conversational AI solutions to grow their revenue by attracting, acquiring, and better serving their customers. AI powers the intelligent virtual assistant (“IVA”) conversations which our customers deploy for this purpose. Our machine learning models deploy natural language processing, understanding, and generation using relevant, publicly available, anonymized data sets along with anonymized data derived from these IVA conversations. Our proprietary AI solutions use this data to continually learn and advance our analysis of the intent of those individuals engaging in the IVA conversations. This enhances the conversational models deployed by each IVA to continually improve their performance and predictive abilities, leading to high-quality experiences and outcomes.
With respect to the data collected and stored by our Customers, the Customer is the Data Controller, and Conversica is the Data Processor. We will enter into a Data Processing Agreement or DPA with any Customer that requests one.
We utilize the EU-approved Standard Contractual Clauses for cross-border transfers originating in the EU and similar contractual clauses for cross-border transfers originating in the UK.
Only employees who need to access data in order to help perform the services will access customer data.
Yes. Conversica undergoes annual application and network penetration tests conducted by nationally recognized firms.
Conversica maintains an information security management system (ISMS), including the adoption and enforcement of internal policies and procedures, designed to minimize security risks through risk assessment, regular testing, and mitigation. Our head of security, who holds CISSP, CISM, MIS certifications, directs the program and leads regular infosec team meetings. An executive management committee (ISMC) oversees the ISMS program and meets on a regular basis to consider security and compliance matters.
You can contact us via email us at security@Conversica.com.
Conversica continuously scans and monitors our production environment to detect possible intrusion and performs static and dynamic code analysis on a regular basis.
Yes. Customer data is encrypted at rest using AES 256 and in transit using TLS 1.2.
Conversica does not have a bug bounty program at this time.
Yes. Conversica utilizes geographically separate environments to backup Customer data. Data is backed up at minimum on a daily basis.
Our IVAs initiate conversations with individuals on behalf of a customer via email and/or text utilizing contact information provided by the customer. To initiate a conversation by email with an individual a Conversica IVA would only need the name and email address for the individual although a Coversica customer may choose to provide other data regarding the individual because the use of additional personal data may enable a more productive conversation early on. Often our customers choose to integrate their CRM or DMS systems with Conversica so they can transfer select data back and forth via secure API.
Conversica is a SaaS platform that is 100% cloud-based in Amazon Web Services. We do not operate our own physical servers, routers, load balancers, or DNS servers. All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from reaching our internal network.