Security & Trust

Your data is safe with BotReply

We build BotReply with security at the core — encryption, tenant isolation, and strict compliance so you can automate WhatsApp with confidence.

End-to-End Encryption

All data is encrypted in transit with TLS 1.3 and at rest with AES-256. Sensitive credentials are stored in an isolated vault.

GDPR Compliance

We follow EU data protection standards for all users worldwide, with full data export and deletion rights on request.

SOC 2 Ready

Our processes are aligned with SOC 2 Type II controls covering security, availability, and confidentiality.

Tenant Data Isolation

Every business account is a fully isolated tenant. Your agents, conversations, and knowledge base never mix with others.

Zero Data Retention

Enable zero-retention mode to process message content in memory without permanent storage on our servers.

Webhook Verification

All incoming webhooks are verified with signature checks and a per-tenant token to prevent spoofed requests.

Built on a hardened infrastructure

Our stack is engineered for resilience and security from the network edge down to the database layer.

PostgreSQL 16 + pgvector

Encrypted storage with vector search for RAG.

Redis with AOF persistence

Durable queues and rate limiting state.

Docker containers (uid 1001)

Non-root, least-privilege runtime.

HSTS + CSP headers

Strict transport and content security policies.

slowapi rate limiting

Abuse protection with 10MB request limits.

Security architecture

Layered request flow

CDN / Nginx
CORS + Rate Limit
FastAPI Backend
PostgreSQL + Redis

Responsible Disclosure

Found a vulnerability? Report it to our security team at [email protected]. We acknowledge all reports within a 48-hour SLA and work with researchers to resolve issues responsibly.

Submit Report

Automate WhatsApp without compromising security

Join 12,000+ businesses that trust BotReply with their customer conversations.