Encryption
WizChat uses industry-standard encryption to protect your data.
Encryption Overview
| Data State | Encryption |
|---|---|
| At rest | AES-256-GCM |
| In transit | TLS 1.3 |
| Backups | AES-256 |
Data at Rest
All stored data is encrypted using AES-256-GCM:
Documents
- Uploaded files encrypted before storage
- Encryption keys managed by cloud provider
- Customer-managed keys available (Enterprise)
Databases
- All database fields encrypted
- Transparent data encryption (TDE)
- Encrypted backups
Embeddings
- Vector embeddings encrypted
- Index data encrypted
Data in Transit
All network traffic uses TLS 1.3:
- Browser to WizChat
- WizChat to AI providers
- WizChat to databases
- API communications
Certificate Management
- Certificates auto-renewed
- Modern cipher suites only
- HSTS enabled
Key Management
Default Key Management
- Keys managed by WizChat
- Automatic key rotation
- Secure key storage
Customer-Managed Keys (Enterprise)
Bring your own encryption keys:
- AWS KMS integration
- Google Cloud KMS integration
- Azure Key Vault integration
Contact sales for setup.
Sensitive Data
API Keys
- Encrypted at rest
- Never logged
- Shown only once
OAuth Tokens
- Encrypted with AES-256-GCM
- Refresh tokens protected
- Revocable anytime
Passwords
- Never stored in plain text
- Bcrypt hashing
- Salted hashes
Audit Logging
Security events are logged:
- Login attempts
- Permission changes
- Data access
- API key usage
Logs are:
- Encrypted
- Retained per policy
- Available for review (Business plans)
Security Certifications
| Certification | Status |
|---|---|
| SOC 2 Type II | Certified |
| ISO 27001 | Certified |
| GDPR | Compliant |
| HIPAA | Available (Business) |
Penetration Testing
- Regular third-party testing
- Vulnerability assessments
- Bug bounty program