Skip to content
English
Sign in
Customer Portal
  • There are no suggestions because the search field is empty.

How Mavim ConversAI keeps your data secure and compliant

Learn how ConversAI protects enterprise data with encryption, anonymization, and role-based access controls to meet strict compliance standards.

How Mavim ConversAI keeps your data secure and compliant

Overview

Mavim ConversAI is built for enterprises that require full control, strong data security, and regulatory compliance. It runs entirely within your Microsoft Azure environment, ensuring your data stays inside your trusted cloud infrastructure. This article outlines how ConversAI meets enterprise-grade security, privacy, and compliance standards.
 

Who is this for

IT leaders, data security professionals, administrators, compliance officers, and security teams evaluating or deploying ConversAI in regulated or sensitive environments.
 

What you'll learn

How ConversAI:
  • Secures your data within your own Azure tenant
  • Prevents cross-customer data sharing or training
  • Aligns with global regulatory standards like GDPR and the EU AI Act
  • Provides transparent, auditable AI interactions
  • Enforces access controls using your organizational roles
  • Protects user privacy through anonymization and encryption
  • Uses secure transmission protocols and identity federation
  • Applies application-level security and threat response mechanisms

Key security and compliance features

1. Runs fully inside your Azure tenant

ConversAI is deployed directly into your Microsoft Azure environment—not a shared cloud service. This keeps your data and AI queries under your full control.
  • Data residency: Data stays in the Azure region you choose (default: West Europe for EU customers)
  • No public exposure: Your data is never sent to public AI models or external environments
  • Tenant isolation: No prompts or outputs are shared or reused across customers
  • Full data ownership: You own all content, prompts, and model outputs
  • Each customer’s data is stored and indexed separately
  • Retrieval-Augmented Generation (RAG) only pulls from the customer’s own index
  • Azure storage best practices are followed to maintain isolation
  • Citations link back to the source for validation

2. Built on secure Azure architecture

ConversAI uses Microsoft’s enterprise-grade components to secure and scale your deployment:
  • Azure OpenAI with Enterprise Guardrails
  • Azure AI Search for context-aware responses
  • Azure Kubernetes Service (AKS) and Azure API Management
  • Azure Durable Functions for background data processing
  • TLS 1.2+ encryption for data in transit
  • AES-256 encryption for data at rest
  • OAuth-protected APIs for secure access
  • Monthly security updates from Microsoft
  • Threat response includes quick access revocation and vulnerability tracking via CVE databases and internal scanning tools
  • Application-level security tools used: SAST, DAST, and SCA (e.g., Checkmarx, SonarQube, Mend)
  • Vulnerabilities are remediated per documented management process

3. No training on your data

Your content is never used to train models. ConversAI only uses verified, structured content from your Mavim Digital Twin of the Organization (DTO).
  • No cross-customer training or mixing of data
  • No web data or public sources in outputs
  • Responses are grounded in your own content to avoid misinformation
  • No customer data is used to fine-tune AI models

4. Built for regulated industries

ConversAI supports compliance with major data and AI regulations, making it suitable for finance, healthcare, and public sector use.
  • GDPR compliant by design
  • Aligned with EU AI Act requirements for high-risk AI systems (Articles 6, 9, 15, 16)
  • Specifically aligned with Article 15 on robustness
  • Ethical AI principles embedded through Microsoft’s Responsible AI Framework:
    • Privacy and security
    • Reliability and traceability
    • Transparency with source references
    • Human accountability
    • Fairness through use of organizational, structured content

5. Full transparency and audit readiness

Every response from ConversAI is traceable to its source.
  • Reference-rich responses: Each answer includes links to source documents or models in your DTO
  • Audit trails: Helps meet compliance and audit requirements with clear sourcing

6. Role-based access control (RBAC)

Access to AI-generated content is filtered by user role and identity.
  • Context-aware access: Users only see content they are authorized to view
  • Data governance support: Enforces structured ownership and versioning of source content
  • Identity federation: Uses Azure Active Directory to authenticate users
  • Verified access: Only authenticated users can interact with the AI system
  • OAuth-protected APIs further restrict unauthorized access

7. Data privacy and encryption

ConversAI includes additional privacy protections for user data.
  • No storage of personally identifiable information (PII) for AI features
  • Anonymization: Removes identifiable data from inputs and outputs
  • Secure transmission: All data is encrypted in transit and at rest
  • Metadata handling: Only minimal metadata (e.g., timestamps, language settings) is collected
  • Customer isolation: All data is stored in access-controlled, tenant-specific environments

Important notes

  • Organizational roles must be clearly defined in Mavim for access filtering to work properly
  • All data handling aligns with Mavim’s internal privacy and security policies
  • Access to AI features is governed by customer-specific configurations
  • No customer data is used for model training or fine-tuning
  • Vulnerability management is part of ConversAI’s documented security process

© 2025 Mavim. All rights reserved.