Skip to content

SECURITY & PRIVACY

Built with deliberate data controls.

Amevia processes website content, visitor conversations and submitted lead information only to provide and operate website-agent functionality.

Customers choose the knowledge sources, agent behavior and visitor-data features they enable.

Trust summary

Approved knowledge

Amevia uses website pages, FAQs and other sources selected by the customer.

Controlled visitor data

Conversation and lead data is processed only for enabled product functionality.

Customer visibility

Customers can review knowledge, conversations and captured leads in their workspace.

Honest product status

Controls that depend on production infrastructure or configured providers are identified clearly.

DATA LIFECYCLE

What Amevia processes and why.

  1. Customer-provided content

    • Website pages
    • FAQs
    • Manual knowledge
    • Agent configuration

    Provide approved context for the agent.

  2. Visitor interaction

    • Visitor messages
    • Page URL
    • Session information
    • Submitted contact details

    Understand the request and respond appropriately.

  3. Product processing

    • Knowledge retrieval
    • Response generation
    • Recommendation logic
    • Lead capture

    Provide the website-agent experience.

  4. Stored product data

    • Conversation history
    • Lead context
    • Usage records
    • Operational logs

    Review outcomes, enforce limits and operate the service.

DATA CATEGORIES

Categories, purpose and control.

Data categories, examples, purpose and customer control
Data categoryExamplePurposeCustomer control
Website contentPages, FAQs, policiesGrounded answersCustomer selects sources
Agent configurationTone, language, fallback behaviorConfigure responsesEditable in workspace
Visitor conversationsQuestions and agent repliesOperate and review conversationsReview and retention where supported
Lead informationName, email, company, requestCapture requested contact contextLead capture can be configured
Usage and operational logsRequests, errors, usage countersService operation and troubleshootingSubject to product and infrastructure policy

Website content

Example

Pages, FAQs, policies

Purpose

Grounded answers

Customer control

Customer selects sources

Agent configuration

Example

Tone, language, fallback behavior

Purpose

Configure responses

Customer control

Editable in workspace

Visitor conversations

Example

Questions and agent replies

Purpose

Operate and review conversations

Customer control

Review and retention where supported

Lead information

Example

Name, email, company, request

Purpose

Capture requested contact context

Customer control

Lead capture can be configured

Usage and operational logs

Example

Requests, errors, usage counters

Purpose

Service operation and troubleshooting

Customer control

Subject to product and infrastructure policy

CUSTOMER CONTROLS

You decide how Amevia is configured.

Amevia is designed so customers can control the knowledge, agent behavior and visitor-data features used on their websites.

Select approved knowledge sources

Choose which website pages and FAQs the agent may use.

Review indexed pages and FAQs

Inspect approved knowledge before and after scans.

Configure agent behavior and fallback rules

Set tone, language and how the agent responds when knowledge is missing.

Enable or disable lead capture

Turn visitor contact capture on or off for each website agent.

Review conversations and leads

Inspect visitor sessions and captured contact context in the workspace.

Remove website or account data through supported workflows

Use product removal flows where available, or request deletion through support.

SECURITY PRACTICES

Practical controls for operating the service.

Implemented

Present in the current application or development architecture.

Production configuration

Requires the final hosted environment and deployment settings.

Provider-dependent

Depends on the infrastructure or third-party service selected.

Planned

Not yet available as a production control.

Application controls

  • HTTPS in production

    Production configuration
  • Authentication and workspace access controls

    Implemented
  • Input validation on public and authenticated surfaces

    Implemented
  • Environment-based secrets

    Implemented
  • Rate and usage controls where configured

    Production configuration

Operational controls

  • Logging for operational issues

    Implemented
  • Dependency maintenance

    Implemented
  • Data minimization

    Implemented
  • Backup and recovery according to production infrastructure

    Provider-dependent
  • Monitoring and incident handling according to configured providers

    Production configuration

SERVICE PROVIDERS

Third-party services are used deliberately.

Amevia may use infrastructure, email, analytics and AI providers where they are configured for the product.

Infrastructure

Production provider to be selected

Why it may be used

Hosting, databases, storage and delivery services.

Data that may be shared

Application data required to run the product, including website knowledge and operational records.

AI processing

Not configured

Why it may be used

Model or inference providers used to generate website-agent responses.

Data that may be shared

Approved knowledge context and visitor messages needed to produce a response.

Email

Not configured

Why it may be used

Account, notification and support email delivery.

Data that may be shared

Account email addresses and message content required for delivery.

Analytics and operations

Development only

Why it may be used

Service health, errors and product-usage monitoring.

Data that may be shared

Operational metrics, error details and usage counters needed to run the service.

TRANSPARENCY

What we do not claim.

  • Amevia does not claim SOC 2 or ISO 27001 certification at this stage.
  • Amevia does not claim end-to-end encryption for website-agent conversations.
  • Production security depends on the final hosting, AI and email providers selected.
  • Some retention, deletion and monitoring controls are still being finalized.
  • Custom compliance requirements must be reviewed before deployment.

Policies and requests