Security and data isolation in ConversAI
Discover how ConversAI protects customer data and prevents contamination using Azure infrastructure and strict access controls.
Target audience:
Security officers, IT admins, and compliance teams reviewing AI data handling and protection.
Core purpose/goal:
To explain how ConversAI ensures data security, prevents contamination, and aligns with regulatory standards.
Security architecture
ConversAI is built on Microsoft Azure infrastructure, offering robust protection against cyber threats.
- Encryption
- Data in transit: TLS 1.2+
- Data at rest: AES-256
- Access control
- Role-based access control (RBAC)
- OAuth-protected APIs
- Only authenticated and authorised users can access data
- Threat response
- Quick access revocation if threats are detected
- Vulnerability tracking via CVE databases and internal scanning tools
- Monthly security updates from Microsoft
- Application-level security
- SAST, DAST, and SCA tools used (e.g. Checkmarx, SonarQube, Mend)
- Issues remediated per documented vulnerability management process
Data isolation and contamination prevention
- Each customer’s data is stored and indexed separately
- RAG retrieves data only from the customer’s own index
- No cross-customer access is possible
- Citations link back to the source for validation
- Azure storage best practices are followed to maintain isolation
Compliance
- ConversAI aligns with the EU AI Act (Article 15) on robustness
- Customer data is never used for model training or fine-tuning
