Table of Contents

For us, security is not just a feature; it's ingrained in our DNA. We go to great lengths to ensure the highest level of protection for your data, employing industry-leading practices, robust encryption, and stringent access controls. Your trust is our utmost concern.

Compliance & Certification

WotNot is fully committed and designed in compliance with the GDPR principles, ensuring that any personal data collected during interactions are handled with the utmost care and in accordance with the regulations.

Per Article 32 of the GDPR, we have in place appropriate technical and organizational measures to keep your data secure. All data is securely stored in Google Cloud Platform. Please visit the GCP Security Page for additional information on Google Cloud Security.

WotNot does not sell any contact data collected on behalf of the user or market WotNot’s services to the user’s website. The categories of data we collect on a user are Contact information(Name, Email, Phone, Company Name), IP address, and Cookie data. 

We have in place the appropriate Data Processing Agreements (DPAs) with all vendors and sub-processors that process data on our behalf. Check out the Sub-processor section below for more information on how we vet and contract with our sub-processors. You can find our list of subprocessors at the bottom of this page. 

We accept data erasure requests via a ticket at or an email to

Please contact us at directly with any questions.

SOC-2 Type 2 Certified

We are SOC-2 Type 2 certified, which means that our chatbot platform undergoes regular independent audits to assess its security controls, availability, and processing integrity. 

Check out WotNot’s SOC-2 Type 2 report.


We are proud to maintain the ISO27001 certification, which covers the information security management system for our chatbot platform. This certification validates our implementation of comprehensive security controls, risk assessment processes, and continuous improvement practices specific to our chatbot technology.

CCPA Compliance

For clients and users in California, WotNot is fully compliant with the California Consumer Privacy Act (CCPA). We respect your privacy rights and provide transparency and control over your personal information when interacting with our chatbots. 

We accept data erasure requests via a ticket at or an email to

Please contact us at directly with any questions.

Policies and Procedures

We have implemented a comprehensive set of policies and procedures that specifically address the unique security challenges of chatbot technology. These policies cover areas such as data encryption, access controls, authentication mechanisms, and secure integrations. Our team rigorously adheres to these policies to ensure the highest level of security for your chatbot interactions.

The policies include:

  • Acceptable Usage Policy

  • Business Continuity Policy

  • Code of Business Conduct Policy

  • Data Backup Policy

  • Data Retention Policy

  • Encryption Policy

  • Incident Management Policy

  • Media Disposal Policy

  • Physical Security Policy

  • Vendor Management Policy

  • Access Control Policy

  • Change Management Policy

  • Confidentiality Policy

  • Data Classification Policy

  • Disaster Recovery Policy

  • Endpoint Security Policy

  • Information Security Policy

  • Password Policy

  • Risk Management Policy

  • Vulnerability Management Policy

A selection of these policies are detailed below. All additional policies are available to WotNot prospective and existing customers under a signed non-disclosure agreement.

Business Continuity Policy

  • WotNot performs testing of this Business Continuity Plan on an annual basis, and our CTO is responsible for coordinating and conducting an annual check of our BCP.

  • To ensure uninterrupted service, we have a robust Business Continuity Policy that includes redundancy measures and failover mechanisms specifically designed for WotNot’s infrastructure. 

  • Whenever the BCP is enacted, it must be followed up with a retrospective in order to identify lessons learned and playbooks needing creation.

Disaster Recovery Policy

  • WotNot performs testing of our Disaster Recovery Plan annually, and our CTO is responsible for coordinating and conducting an annual check of our DRP.

  • Our Disaster Recovery Policy for chatbot technology focuses on swift recovery and restoration in the event of a major incident or disaster. We have detailed plans in place to quickly restore functionality, retrieve data, and minimize downtime. 

  • Regular backups, off-site storage, and failover systems contribute to our disaster recovery strategy, providing peace of mind in the face of potential disruptions.

Availability Policy

Our Availability Policy encompasses proactive monitoring, load balancing techniques, and infrastructure scalability to ensure high service availability. We invest in robust infrastructure that can handle peak usage periods and sudden spikes in traffic, ensuring your chatbot remains accessible and responsive.

WotNot availability can be found and tracked at

Infrastructure Security

Our chatbot company takes infrastructure security to the next level, implementing a fortified defense against potential threats. With cutting-edge firewalls, advanced intrusion detection systems, vulnerability assessments, and rigorous security audits, we go above and beyond industry standards to provide you with the utmost protection for your valuable information.

Physical Access Control

WotNot is hosted on the Google Cloud Platform (GCP), in its data center located in the United States, Europe, Abu Dhabi, and the United Kingdom. By leveraging GCP's advanced security features, we ensure that your data is hosted in a secure and reliable environment. GCP’s data center operations have been accredited under:

  • ISO 27001

  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)

  • PCI Level 1

  • FISMA Moderate

  • Sarbanes-Oxley (SOX)

More information on GCP’s security can be found here.

In addition to this, we have implemented strict access control measures, including biometric authentication, and video surveillance, to limit access to authorized personnel only within our office premises. By securing our office spaces, we ensure that physical assets and infrastructure associated with our chatbot platform are protected from unauthorized access, enhancing the overall security of our operations.


To safeguard our infrastructure from unauthorized access and malicious activities, we utilize robust firewall services provided by Google Cloud Platform. Firewalls act as a barrier between our systems and external networks, filtering incoming and outgoing network traffic based on predefined security rules. 

Penetration Testing

We conduct regular penetration testing, performed by skilled and certified professionals, to identify vulnerabilities and potential entry points for unauthorized access. By simulating real-world attacks, we gain valuable insights into any weaknesses in our system. 

WotNot can provide a summary of penetration test findings upon request to Enterprise customers.

Third-Party Audit

Third-party security testing of the WotNot application is performed by independent and reputable security consulting firms. Findings from each assessment are reviewed with the assessors, risk ranked, and assigned to the responsible team.

WotNot undergoes regular third-party independent audits on a regular basis and can provide SOC-2 compliance audit summaries upon request.

Application Security

We understand the critical importance of application security in protecting your valuable data and ensuring a safe user experience. Our commitment to best security practices goes beyond industry standards, as we continuously strive to exceed expectations.

Two-Factor Authentication (2FA)

We have implemented Two-Factor Authentication on WotNot. 2FA adds an extra layer of security by requiring users to provide two forms of identification to access their accounts. By combining something the user knows (such as a password) with something the user possesses (such as a unique code sent to their mobile device), we significantly reduce the risk of unauthorized access to your data.

Static IPs

To enhance security, we utilize static IPs for WotNot. Static IPs provide a stable and secure connection by assigning a fixed, unique IP address to each user or system. By restricting access to known and trusted IP addresses, we minimize the risk of unauthorized access or potential attacks from unknown sources.

Software Development Lifecycle (SDLC)

As part of our SDLC, we conduct regular security audits every quarter to identify potential vulnerabilities and address them promptly. These audits involve comprehensive code reviews, penetration testing, and vulnerability assessments. By proactively identifying and addressing security issues, we continuously improve our application's resilience and block any potential loopholes.

Single Sign-On

WotNot provides a standard feature called SAML-based Single Sign-On (SSO) to customers on its Enterprise plan, aiming to enhance identity management and enable convenient user authentication through web browsers. By utilizing SAML 2.0, the company improves user-based security, simplifies signup and login processes from trusted portals, and thereby enhances the overall user experience, access management, and auditability.

Data Security

When it comes to data security, we go above and beyond to ensure that your sensitive data is protected at all times.

Data Storage

We employ GCP’s cloud storage infrastructure designed to meet the highest security standards. Your data is stored in secure, controlled environments with robust access controls, ensuring that only authorized personnel can access it. GCP’s data centers are equipped with advanced physical security measures, including 24/7 monitoring, backup power systems, and fire detection and suppression systems.

Data Encryption

We utilize industry-standard encryption protocols to ensure that your data remains private and secure during transit and at rest. For data in transit, we employ SSL (Secure Sockets Layer) encryption, which establishes a secure connection between your device and our servers. This encryption protocol safeguards your conversations from unauthorized interception or eavesdropping.

At rest, all data lives within our Google Cloud Platform(GCP) infrastructure located in US-CENTRAL (Council Bluffs, IA 51501, United States) data centers. 

During transit, either externally or internally between WotNot services, data is encrypted using TLS 1.2 with AES 256-bit encryption to ensure data protection at all times

We use strong encryption algorithms to ensure that your data remains confidential and secure at all times.

Vaults store all crucial passwords and access tokens required to function the product on a separate database. Passwords stored in these vaults are changed regularly as per our password policy. 

Connection via SSL

WotNot operates exclusively over a secure connection, utilizing SSL (Secure Sockets Layer) technology. SSL establishes an encrypted link between the user's device and our servers, ensuring that all data transmitted back and forth remains secure. With SSL, you can have peace of mind knowing that your interactions with our chatbots are protected against eavesdropping and tampering.

Data Retention

Our data retention policies are designed to provide you with peace of mind, ensuring that your data is handled responsibly and securely throughout its lifecycle.

Limited Retention Period

We store your conversations for a maximum period of 12 months. This retention period allows us to provide you with a seamless and personalized experience while keeping your data for a reasonable duration. 

After the 12-month mark, your data is automatically deleted from our systems, ensuring that it is no longer accessible or stored.

To request data removal, create a support ticket or email us at

Data Subprocessors

In order to provide our users with the best user experience in our product customer service, we send data to our subprocessors.

  • We have a diligence process to ensure that we only trust parties who have stringent standards regarding the safety and security of Personal Data.

  • We have in place Data Processing Agreements with all of our sub-processors.

  • We will notify you of new sub-processors via our Subprocessor Notification Process and give you an opportunity to object.

 Our current list of subprocessors is:

  • Google Cloud Platform (Cloud Infrastructure)

  • Oracle Cloud Infrastructure (Cloud Infrastructure)

  • ActiveCampaign (Marketing Automation)

  • HubSpot (Customer Relationship Management)

  • SendGrid (Email Delivery Services)

  • Stripe (Billing)

  • OpenAI (Artificial Intelligence)

These trusted industry leaders adhere to the most stringent security practices, guaranteeing the utmost protection of your information throughout your interaction with our chatbot platform.