Security & Compliance
At Instict, trust is fundamental to every customer interaction we automate. Our platform is built to meet global standards of data security, privacy, and compliance, enabling businesses of all sizes to deploy AI with confidence.
This page outlines the legal, technical, and operational safeguards we use to ensure secure and compliant use of conversational AI across chat, voice, and omnichannel experiences.
Executive Summary
We are committed to protecting the confidentiality, integrity, and availability of customer and end-user data. We are aligned with key international and local regulatory frameworks including:
GDPR – General Data Protection Regulation (EU)
NDPA – Nigeria Data Protection Act
We provide:
End-to-end encrypted communications
Regional data hosting and residency controls
Role-based access and audit controls
No unauthorized data training or sharing
Optional enterprise deployments (self-hosted or VPC)
1. Data Security Practices
We maintain strict controls over how your data is stored, accessed, and transmitted. Our infrastructure is designed with layered security at the application, network, and cloud infrastructure levels.
Key Safeguards:
Data Encryption: All data in transit is secured using TLS 1.2/1.3. At rest, data is encrypted using AES-256.
Access Control: Internal systems use Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA).
Audit Logs: Access to sensitive systems and actions are logged and available for review.
Infrastructure Hosting: We utilize global cloud providers (AWS, GCP, Azure), with optional local data hosting for clients in regulated industries.
2. Privacy and Data Governance
We treat your data with the utmost care and respect. We do not use customer data to train public models. All client-specific AI training is scoped to the documents, SOPs, and content provided by the client.
Data Handling Policies:
Data Collection: Limited to operational needs such as chatbot performance, message history, or customer IDs.
Data Retention: By default, data is retained for 30–90 days unless contractually extended. Custom policies are available.
Data Deletion: Customers may request full data deletion at any time, including model embeddings, message logs, and transcripts.
Cross-border Transfer: We offer data localization on request and comply with restrictions under GDPR, NDPA, and related frameworks.
3. Regulatory Compliance
GDPR: We support subject access requests, erasure rights, consent tracking, and processor transparency.
NDPR: We provide local hosting options (e.g. AWS Cape Town), consent policy enforcement, and secure onboarding workflows.
4. Hosting, Isolation, and Deployment Options
We support multiple hosting configurations based on client needs:
Cloud-hosted (default): Your data is securely hosted on our multi-tenant infrastructure, isolated by workspace and project.
Private VPC / Self-Hosted: For enterprises, we offer single-tenant deployments in customer-controlled environments.
Data Residency: Choose your preferred region for data storage.
5. AI Model Governance
We maintain transparent controls over all AI behaviour:
Model Training: Our AI agents are trained only on data you provide, e.g. websites, documents, and structured content.
No Public Model Sharing: We never use your data to fine-tune external models or expose it via third-party LLM APIs.
RAG Isolation: Retrieval-Augmented Generation (RAG) pipelines are sandboxed per client, preventing data leakage.
Custom Prompts and Responses: You control tone, behaviour, escalation logic, and language used by your agents.
6. Vendor & Subprocessor Management
We work with a select number of subprocessors to deliver services. All partners are vetted for:
Security certifications (SOC 2, ISO 27001)
Data processing agreements (DPAs)
Uptime and breach notification SLAs
7. Responsible Disclosure
We encourage researchers and partners to report potential vulnerabilities responsibly.
Please email: info@instictai.com
We aim to respond within 48 hours.
Final Statement
We believe that earning your trust starts with protecting your data. Whether you're an SME or an enterprise, our team is committed to delivering secure, transparent, and compliant AI solutions backed by clear contracts, proven technology, and expert support.