Social Intents is built with security at every layer - infrastructure, data handling, and application security. This page summarizes how your data is protected.
Infrastructure
- Hosting: AWS (Amazon Web Services) with industry-standard cloud infrastructure
- Encryption in transit: All data is transmitted over TLS/SSL. All connections between your browser, the chat widget, and our servers are encrypted.
- Encryption at rest: Data is encrypted at rest using AWS infrastructure encryption
Application Security
Authentication
- Dashboard access is protected with secure session management
- REST API requests are authenticated via API token or Basic Auth
- Third-party integrations use separate verification tokens
Input Sanitization
All user inputs - chat messages, form fields, widget configuration - are sanitized to prevent cross-site scripting (XSS) and other injection attacks.
Bot and Spam Protection
- Google reCAPTCHA verification at chat start
- Visitor blocking - agents can type `/block` during a chat to instantly block a visitor
- Country-based allow/block lists (Pro plan and above)
Data Access Controls
Social Intents uses role-based access control:
| Role | Access Level |
|---|---|
| Admin | Full access: settings, reports, team management, billing |
| Manager | Chat access and team management |
| Agent | Chat access only |
Reports and settings are restricted to Admin users. See Understanding Roles.
Privacy and Compliance
- GDPR ready - see GDPR Compliance
- Optional Zero-Retention Mode - disable storage of all chat conversations and transcript data for environments with strict data handling requirements
- Detailed security and privacy documentation available upon request - contact support@socialintents.com