We are excited to announce Trustpage has been acquired by Vanta!

Read the press release →
Company logo


  • Website
  • Trust Center

  • Compliance

    • CCPA

      As a service provider and data processor for our customers, we provide information and service features that help them meet their respective state law obligations, including those of the California Consumer Privacy Act of 2018 ("CCPA"). Conversica qualifies under the CCPA as a "service provider" with which you, as our Conversica customer or "business", can share CA consumer PI to the extent “reasonably necessary and proportionate” to achieve your business goals. You choose the PI we process on your behalf so our AI Assistants can initiate conversations on your behalf. We also comply with the CCPA as a "business" within the meaning of the Act.

    • COPPA

      In accordance with the Children’s Online Privacy Protection Act (COPPA), the Conversica service agreement prohibits our customers from sending to us for processing the PII of anyone who is age 13 or under. If we knowingly receive such data in our services we will inform our customers and delete it.

    • 5 more topics

  • Product Security

    • Audit Logs

      Conversica maintains administrative logs as well as logs for account establishment and modifications.

    • Multi-Factor Authentication

      Conversica makes it easy for you to add multi-factor authentication to your Conversica account user login process to enhance account security.

    • 2 more topics

  • Data Security

    • Data Encrypted At-Rest

      Data is encrypted at rest using AES256.

    • Data Encrypted In-Transit

      We encrypt data in transit using HTTPS/TLS. The TLS version supported is currently 1.2 or newer.

    • 1 more topic

  • Privacy

    • Privacy Policy

      The Conversica Privacy Policy describes our practices regarding the personal information we process as a data controller operating a business. This policy also describes our role and practices in connection with personal information we may receive and otherwise process on behalf of our customers.

    • Data Retention Policy

      Conversica retains customer data in accordance with customer instructions contained in their respective services agreements. Following customer account termination, access is removed and the customer data associated with the account is logically deleted and then overwritten. When media that hosted customer data is no longer useful, it is destroyed in compliance with NIST SP 800-88 Revision 1 Guidelines for Media Sanitation and DoD security guidelines.

    • 3 more topics

  • Incident Management & Response

    • Data Breach Notification

      Conversica operates a formal security incident response plan under its Security Event Management Policy and related procedures. Escalation procedures exist to ensure the timely communication of any data breach through the management chain and to any affected customers without undue delay.

    • Incident Response Plan (IRP)

      Our IRP is noted above under Data Breach Notification.

  • Availability & Reliability

    • Data Redundancy

      Data is backed up real time on servers in separate facilities to facilitate prompt recovery if necessary.

    • Denial of Service (DoS) Protection

      Conversica has deployed Amazon Web Services resources for Denial of Service protection

    • 1 more topic

  • Organizational Security

    • Confidentiality Agreements

      Our service agreements provide for the confidential treatment of confidential customer information, including customer data. And we require all our employees and contractors as well as vendors to sign confidentiality agreements to ensure the protection of confidential information.

    • Employee Background Checks

      Conversica employees are required to provide specific documents verifying identity and undergo federal and state criminal background checks prior to being hired.

    • 5 more topics

  • Business Continuity

    • Business Continuity Plan

      Conversica has implemented an integrated Business Continuity and Disaster Recovery Policy and maintains related plans under the policy. Please see the text under Disaster Recover Plan for more information on this topic.

    • Disaster Recovery Plan

      Conversica maintains essential disaster avoidance, readiness, and recovery planning capabilities through the use of multiple geographically dispersed data centers, redundancy throughout our platform architecture, offsite data backup, and remote access capabilities. We also maintain a Business Continuity and Disaster Recovery Policy and related plans and test them on a regular basis.

    • 1 more topic

  • Infrastructure

    • Multi-Tenant Architecture

      Conversica provides its subscription services using multi-tenant architecture with the data in each customer account logically separated from other accounts. The data is encrypted at rest using AES 256.

    • ISO 27001 - Data Center

      Amazon Web Services data centers - certified as compliant with the following ISO standards: ISO 27001:2013, ISO 27017:2015, and ISO 27018:2019.

    • 2 more topics

  • Threat Management

    • Penetration Testing

      We have an independent, third party security vendor conduct manual penetration testing of our internal and external infrastructure and services on an annual basis. This manual testing is complimented by automated testing on a more frequent regular basis using a variety of commercially available testing tools.

    • Vulnerability Scanning

      Conversica uses a number of automated scanning tools to scan for application security vulnerabilities on a frequent basis. Scans are applied to every code build and prior to code merger.

    • 1 more topic

  • Subprocessors

    • Sign up to view Conversica's Subprocessors

Sign up to see the rest of Conversica's posture and unlock unlimited access.

Unlimited access to the directory allows you to review and compare thousands of security postures sourced from around the web.

Sign Up
Join the community:
Copyright © 2023 Trustpage. All rights reserved.
Logos provided in part by Clearbit.