Skip to content
Home › Legal & Trust Center › Security & Trust

Legal & Trust

Security & Trust

How we approach protecting the data flowing through our website and AI automation services — described accurately, without borrowing certifications we don't hold.

Last updated: Effective: Calculating…

On this page

  • Security philosophy
  • Data protection
  • Access controls
  • Encryption
  • Infrastructure
  • Vendor management
  • AI provider security
  • Data retention
  • Incident response
  • Business continuity
  • Responsible disclosure
  • Client security responsibilities
  • Contact for security concerns

1. Security Philosophy

We use technical and organizational safeguards appropriate to the nature of the services and the risks involved. Security is a practice we continue to build up as we grow, not a finished state — this page describes our current approach honestly rather than overstating it.

What we don't claim

We do not currently hold SOC 2, ISO 27001, HIPAA, or PCI DSS certification, and we don't use terms like "bank-grade security" or "fully GDPR compliant" as absolute guarantees. Where a client engagement requires a specific certification or compliance posture, that's a scoping conversation to have with us directly.

2. Data Protection

We aim to collect and retain only the data needed to deliver the service in question, and to restrict access to it to the people and systems that need it. See our Privacy Policy and Data Processing Addendum for how this applies to specific data categories.

3. Access Controls

Access to systems that handle client configuration and conversation data is limited to team members and contractors who need it to do their work, and credentials for third-party services are not shared more broadly than necessary.

4. Encryption

Traffic between your browser and our website, and between our server-side services and the third-party providers we use (Google Cloud, Calendly, Razorpay, Web3Forms), is transmitted over HTTPS/TLS. We do not publish a blanket "end-to-end encrypted" claim for every part of the system, since that specific architecture varies by feature and provider.

5. Infrastructure

Our website and API are hosted on cloud infrastructure, with our AI features running through Google Cloud Vertex AI. We rely on our infrastructure providers' own platform-level security controls in addition to our own application-level practices.

6. Vendor Management

Before relying on a new third-party provider for a core function (payments, scheduling, AI, forms), we consider its reputation, security practices, and terms of service. We keep the list of subprocessors we actually use up to date in our Privacy Policy and Data Processing Addendum rather than listing every technology we could theoretically integrate.

7. AI Provider Security

Our chatbot and voice demo run through Google Cloud Vertex AI, which provides its own security and compliance program at the infrastructure level. We authenticate to it using service-account credentials that are not exposed to the browser; all AI requests are proxied through our own backend rather than calling the AI provider directly from your browser.

8. Data Retention

We retain information only as long as needed for the purpose it was collected, as described in our Privacy Policy, and aim to delete or anonymize it thereafter subject to legal and accounting requirements.

9. Incident Response

If we identify a security incident affecting personal data, we investigate promptly, take reasonable steps to contain it, and notify affected clients and, where legally required, individuals or regulators, consistent with our Data Processing Addendum commitments.

10. Business Continuity

Our services depend in part on third-party cloud, AI, telephony, and messaging providers; where those providers experience outages, our own services may be affected. We do not currently guarantee a specific uptime SLA unless one is agreed in a signed written agreement with a client.

11. Responsible Disclosure

If you're a security researcher and believe you've found a vulnerability in our website or services, please report it to us before disclosing it publicly, and avoid actions that could harm users or data (e.g. accessing data beyond what's needed to demonstrate the issue). We'll acknowledge reports made in good faith and work with you to understand and address the issue.

12. Client Security Responsibilities

If you're a business client, you're responsible for keeping your own dashboard/account credentials confidential, configuring appropriate access within your team, and promptly telling us if you suspect unauthorized access to your account or agent.

13. Contact for Security Concerns

Report a security concern to . Please include enough detail for us to reproduce or understand the issue.

Related policies

Privacy Policy
What data we protect
Data Processing Addendum
Security terms for clients
Last updated
Reading timeCalculating…
Report a security concern WhatsApp us
AI Agent Mindset

AI Voice & WhatsApp agents for businesses globally — deployed in 72 hours.

Industry Solutions

  • Real Estate
  • Clinics & Healthcare
  • Coaching & Ed-Tech
  • Restaurants
  • Insurance

Resources

  • Blog
  • All Services
  • Voice Agent Demo
  • WhatsApp Demo

Company

  • Home
  • Testimonials
  • FAQ
  • Contact
Privacy Policy Terms of Service Cookie Policy AI Transparency Security Legal & Trust Center
© 2026 AI Agent Mindset. All rights reserved.support@aiagentmindset.com · +91 72757 80348