Your data is safe with BotReply
We build BotReply with security at the core — encryption, tenant isolation, and strict compliance so you can automate WhatsApp, Telegram, and web chat with confidence.
Encryption in Transit & at Rest
All traffic is encrypted in transit with TLS. Channel credentials, provider API keys, and payment configuration are encrypted at rest with authenticated encryption.
GDPR & DPDP Aligned
We follow EU GDPR and India DPDP Act data protection principles for all users worldwide, with data export and deletion rights on request.
Security-First Processes
Our controls are modeled on SOC 2 principles covering security, availability, and confidentiality — audited internally on an ongoing basis.
Tenant Data Isolation
Every business account is a fully isolated tenant. Your agents, conversations, and knowledge base never mix with others.
Data Deletion Controls
Delete conversations, knowledge items, agents, or your entire account at any time — deletion cascades through all associated data.
Webhook Verification
All incoming webhooks are verified with signature checks and a per-tenant token to prevent spoofed requests.
Built on a hardened infrastructure
Our stack is engineered for resilience and security from the network edge down to the database layer.
PostgreSQL 16 + pgvector
Encrypted storage with vector search for RAG.
Redis with AOF persistence
Durable queues and rate limiting state.
Docker containers (uid 1001)
Non-root, least-privilege runtime.
HSTS + CSP headers
Strict transport and content security policies.
slowapi rate limiting
Abuse protection with 10MB request limits.
Security architecture
Layered request flow
Responsible Disclosure
Found a vulnerability? Report it to our security team at info@botreply.cloud. We acknowledge all reports within a 48-hour SLA and work with researchers to resolve issues responsibly.
Automate WhatsApp without compromising security
Join the growing businesses that trust BotReply with their customer conversations.