Security
How CoPhrase protects your data — encryption in transit and at rest, per-organization isolation, the credential vault, and data deletion.
Your agent handles your customers' conversations and holds the credentials to your channels. This page says plainly what CoPhrase does to protect that, and what it does not claim.
Encryption
- In transit — all traffic to CoPhrase, and all traffic from CoPhrase out to channel platforms and model providers, runs over TLS.
- At rest — data stored by CoPhrase is encrypted at rest. Channel credentials get a second, stronger layer on top of that — see the credential vault.
Organization isolation
Your organization is the tenant boundary. For an agency, each client workspace is its own organization. Nothing crosses that boundary by accident.
Isolation is enforced in three places, deliberately overlapping:
- Every record carries its organization. Not derived through a join at read time — stamped on the row itself: conversations, messages, contacts, knowledge chunks, credentials, all of it.
- Row-level security in the database. Policies are enforced by Postgres, per transaction, under the organization the request resolved to. A query that forgets to filter by organization does not return another tenant's rows; it returns nothing.
- The application layer scopes every query too. Data access goes through repositories that require an organization id. That is belt and braces on top of the database policies, not a substitute for them.
Agencies get no derived access. Being the parent of a client organization does not grant read access to its rows. An agency user who works inside a client workspace is placed there explicitly, as a real member with a visible badge, and that placement is recorded. See agencies.
Authentication
- The dashboard authenticates with a session cookie. Roles are owner, admin, and member; access is by invitation.
- Programmatic access uses API keys owned by an organization, with per-key scopes, rate limits, and optional expiry. Keys are hashed at rest — we store a hash, not the key, and cannot recover a lost one. See API and webhooks.
- Social sign-in tokens (Google, GitHub) are encrypted, not stored in plaintext.
The credential vault
Everything you bring to operate your business — channel tokens and sessions, your own AI provider keys, integration OAuth tokens — lives in one encrypted vault, separate from ordinary application data.
- Envelope encryption, AES-256-GCM. Each secret is encrypted with its own freshly-generated data key; that data key is then encrypted ("wrapped") by a versioned master key that lives outside the database. A copy of the database alone does not decrypt anything.
- Bound to your organization. The encryption is cryptographically tied to both the credential's id and the organization that owns it. Ciphertext cannot be lifted from one tenant's row and pasted into another's — the decryption simply fails.
- No plaintext handback. Credentials never leave the server. Once a token or session is saved, the dashboard can only ever show you that a secret is set and whether the connection is healthy. There is no "reveal" button, and no API that returns your credential back to you — including to us.
- Rotation. Credentials can be rotated, and the master key can be rolled over without ever decrypting the stored payloads.
- At runtime, a decrypted credential exists only inside the process that is actively sending or receiving on that channel, and is evicted when the credential changes.
AI processing
To generate a reply, the conversation and the relevant knowledge are sent to an AI model provider, which processes them and returns a response.
- Your conversation content is not used to train CoPhrase's own models.
- If you use BYOK, that content goes to the provider you chose, under your agreement with them. See billing.
- Content that comes from outside your organization — a customer's message, a crawled web page, a pasted link — is treated by the agent as data, not instructions. Actions with real-world consequences (money movement, irreversible changes, credential-bearing calls) are gated behind approval or blocked outright, rather than being triggerable by whatever a customer types into a DM. See actions.
Channel platforms
Messages travel over the platforms you connect — Meta for Instagram, WhatsApp, and Messenger; Telegram; Discord; your email provider; and so on. Once a message is on their infrastructure, their terms and their privacy policies govern it, not ours. Connecting a channel authorizes CoPhrase to send and receive on your behalf using the credentials you supply; your use of each platform remains subject to that platform's rules.
Staff access
CoPhrase staff access to a customer account is restricted to platform staff roles and is recorded. Agencies cannot impersonate their clients — an agency user acting inside a client workspace does so as themselves, which is deliberate: the client's history names a person, not a shadow session.
Data deletion
- A single contact — you can delete a contact and its conversation history from your dashboard, without deleting your account. That is the path when one of your customers asks you to erase them.
- Your whole account — email
help@cophrase.aifrom your registered address with the subject Data Deletion Request. We confirm the request, then delete your account, your connected channel credentials, your conversations and contacts, and your knowledge content. Full instructions are on the Data Deletion page. - What deletion cannot reach: deleting your account disconnects your channels, but it does not delete messages that already sit in your customers' own accounts on those platforms, or records held by the platform itself. Those are governed by that platform's policies.
See also the Privacy Policy and Terms.
What we do not claim
No certifications, and we won't pretend otherwise
CoPhrase does not hold SOC 2, ISO 27001, or any other security certification, and does not claim HIPAA or GDPR "compliance" as a badge. We have not published a third-party penetration test. The protections described on this page are what the product actually does — nothing on this page should be read as a certification we have not earned.
If you are evaluating CoPhrase and need something specific in writing, email contact@cophrase.ai and ask. An honest "not yet" is better for both of us than a logo on a page.