Security & Compliance at Dewata AI
Your trust is our priority. Dewata AI implements the highest security standards to protect your business and customer data. Learn more about our commitment to security, privacy, and regulatory compliance.
Documents & Policies
Access all documents related to Dewata AI security, privacy, and compliance.
A comprehensive overview of the security measures we implement to protect your data and systems.
How we collect, manage, and protect your personal data in compliance with applicable regulations.
Terms of use for Dewata AI services, including the rights and obligations of users and the service provider.
Explanation of our use of cookies, fingerprinting, and tracking technologies on our platform.
Data Processing Agreement (DPA) for enterprise customers requiring additional compliance documentation.
Complete history of changes, feature updates, and security patches on the Dewata AI platform.
Security Infrastructure
Dewata AI is built on trusted cloud infrastructure with enterprise-grade security standards.
PostgreSQL database with Row Level Security (RLS) and built-in authentication. Data is stored encrypted in SOC 2 Type II certified data centers.
Enterprise-grade hosting platform with global edge network, automatic HTTPS, and built-in DDoS protection for maximum performance and security.
All sensitive credentials, such as access tokens and payment configurations, are encrypted using AES-256-GCM, a military-grade encryption standard.
Compliance Standards
Dewata AI is committed to complying with applicable security standards and regulations in Indonesia.
UU PDP
We comply with Indonesia's Personal Data Protection Law (UU No. 27/2022) in every aspect of user data management.
HTTPS / TLS
All communication between users and our servers is protected by TLS 1.3 encryption to prevent data interception.
AES-256
Sensitive data, including API tokens, payment credentials, and social media access tokens, is encrypted with the AES-256-GCM standard.
RLS Policy
Row Level Security ensures every user can only access their own data, even at the database level.
Our Security Practices
Concrete measures we implement to keep your data secure.
Data Encryption
All sensitive data is encrypted in transit (TLS 1.3) and at rest (AES-256-GCM). API keys are hashed with SHA-256.
Row Level Security
Every database query is filtered by user identity. No user can access another user's data.
Input Validation
All user inputs are validated and sanitized to prevent XSS, SQL injection, and other injection attacks.
Rate Limiting
A distributed request throttling system protects against abuse and brute-force attacks across all endpoints.
Domain Allowlist
Chat widgets can only be embedded on domains authorized by the bot owner, preventing misuse.
Security Headers
Implementation of CSP, X-Frame-Options, HSTS, and other security headers for comprehensive protection.
Have Questions About Security?
Our security team is ready to answer your questions about data security, regulatory compliance, or enterprise DPA requirements.