FAQs

We follow best practices aligned with ISO 27001 and SOC 2 frameworks. Formal certifications are currently in progress. For enterprise clients, we provide documentation on our security controls and internal audits upon request.

No — we never use your data to train public or third-party AI models. All your interactions, documents, and metadata stay private and isolated, by default.

We support enterprise-grade identity management, including Single Sign-On (SSO), granular Role-Based Access Control (RBAC), and Multi-Factor Authentication (MFA). All actions are logged and auditable, ensuring full transparency and control over internal

Yes. Siesta AI is built to comply with GDPR and other major privacy regulations. We offer EU-based hosting, data residency control, and privacy-by-design architecture. Data processing agreements (DPA) are available.

If self-hosted, the data always remains yours. If cloud-hosted, your data can be exported and deleted upon request, ensuring full compliance.

Siesta AI only accesses the data you explicitly connect to the platform (e.g. CRM, inbox, knowledge base). We store encrypted conversation logs, user interactions, and minimal metadata for audit and analytics purposes. You control data sources, retention

We provide enterprise SLAs with guaranteed uptime, response time targets, and dedicated support channels. For critical deployments, we offer 24/7 incident handling and custom support workflows tailored to your internal processes.

You define data retention rules across all integrated sources. We offer configurable policies to auto-delete, archive, or anonymize data after defined periods — helping you meet internal governance, DLP, or regulatory requirements (e.g. GDPR, HIPAA).