Your Data Security Is Our Priority
At Dewata AI, we understand that your business data is invaluable. That is why we implement best-in-class security practices at every layer of our platform, from data encryption to rigorous input validation.
Our Security Layers
Our platform is protected by seven security layers working together to keep your data safe.
All sensitive credentials and access tokens are encrypted using AES-256-GCM, a military-grade encryption standard. Data in transit is protected by SSL/TLS to ensure no third party can access your information.
- AES-256-GCM for merchant credentials and access tokens
- SSL/TLS for all data in transit
- Encryption keys managed securely and separately
- Meta API tokens encrypted before database storage
We use Row Level Security (RLS) on all database tables, ensuring each user can only access their own data. The service role client is reserved for authorized cross-user operations only.
- Row Level Security (RLS) active on all tables
- Strict data isolation between users and teams
- Service role restricted to webhook and widget operations
- Audit trail for all sensitive operations
Every user input goes through rigorous validation before processing. Our system detects and prevents various attacks including Cross-Site Scripting (XSS) and SQL injection.
- XSS attack detection and prevention
- SQL injection protection
- Automatic message truncation at 4,000 characters
- Email and UUID format validation
Dewata AI API keys are hashed using SHA-256 before being stored in the database. Scope-based authentication ensures each key only has access to the features it needs.
- API keys hashed with SHA-256 before storage
- Scope-based authentication (chat:write, credits:read, etc.)
- Distributed rate limiting on all endpoints
- Only key prefix displayed to users
Our infrastructure is configured with strict security headers in middleware, including Content Security Policy (CSP) that restricts which resources can be loaded.
- HTTPS required for all connections
- Security headers: X-Frame-Options, XSS Protection, HSTS
- Strict Content Security Policy (CSP) headers
- Middleware protection for all routes
Our authentication system is powered by Supabase Auth with modern security features including Multi-Factor Authentication (MFA/2FA) support and secure session management.
- Multi-Factor Authentication (MFA/2FA) support
- Secure session management with token refresh
- Password hashing using bcrypt algorithm
- Dashboard route protection via middleware
Dewata AI is committed to complying with applicable data protection regulations in Indonesia, including the Personal Data Protection Law (UU PDP).
- Compliance with UU PDP (Indonesia Personal Data Protection Law)
- Data encrypted at rest and in transit
- Clear data retention policies
- User rights to access and delete personal data
Data Protection Commitment
We never sell your customer data to third parties. All conversation data is processed in real time and stored with strong encryption.
Every Dewata AI team member signs a confidentiality agreement and undergoes regular security training to ensure your data is always protected.
We routinely conduct security audits and update our systems to address the latest threats.
End-to-End Encryption
Data encrypted from browser to database
Zero Data Selling
We never sell your customer data
Regular Security Audits
Routine security reviews and improvements
Rapid Incident Response
Security team ready to respond 24/7
Have Questions About Security?
We are happy to answer your questions about our security practices. Contact our team or read our full documentation.