Appearance
Security practices (overview)
This page summarizes the security topics covered in this documentation set and points you to the right place depending on what you’re trying to do.
Start here
- If you handle customer contact data: read PII Handling and Privacy Protection.
- If you manage user access: set up Multi‑Factor Authentication (MFA).
- If you want to understand response safety controls: read Response Quality & Safety Review.
What the platform does by default
These items are described in the linked docs above:
- Encrypts PII at rest (AES-256-GCM) and encrypts traffic in transit (TLS).
- Supports optional PII redaction for AI model inputs (so models don’t receive raw contact details).
- Logs PII access for monitoring and compliance.
When you should tighten controls
Use the sensitivity and review controls when:
- The conversation involves legal, compliance, or payment topics.
- A client requires stricter handling or a human-only workflow.
- You want to prevent auto-send and require review before sending.
See the “Sensitive” sections in the relevant product docs (for example inbox and client settings).