Mavim Trustcenter | Privacy

Trusted with Security, Privacy and Compliance

Mavim ConversAI Trust Center

Data Protection & Security

Azure-Native Security

Mavim ConversAI is built on Microsoft Azure, ensuring enterprise-grade security for all customer data.

  • Data Residency: All data remains within the customer’s Azure environment, with region-specific storage (e.g., EU customers’ data stays in the EU).
  • Encryption: Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Encryption keys are securely managed by Microsoft Azure, with the option for customer-managed keys via Azure Key Vault.
  • Access Control: Role-Based Access Control (RBAC) and identity federation (Azure AD) restrict system access to authorized users only.

Threat Detection & Incident Response

  • Real-time threat detection tools (e.g., Microsoft Defender for Cloud) monitor for suspicious activity.
  • A dedicated Security Incident Response Team investigates and responds to security breaches or incidents.

Backup & Disaster Recovery

  • Full backup and disaster recovery plans are in place, with regular snapshots and redundant data stores to ensure recoverability.


Privacy & Data Handling

No PII Storage

  • ConversAI does not store personally identifiable information (PII) for its AI features.
  • All user inputs and outputs are anonymized and transmitted securely.

Customer Data Ownership & Retention

  • All indexed content remains customer-owned and is stored securely, isolated per customer/tenant.
  • No external public or third-party datasets are ingested into customer indexes.
  • No requests, prompts, or responses are stored in any Mavim environment. Indexed data is retained only as long as the customer chooses; deletion is immediate and permanent.

Compliance

  • ConversAI complies with GDPR, CCPA, and the European AI Act, and is classified as a low-risk AI implementation.
  • Data for European customers is always stored within EU jurisdiction.


Technical Certifications & Audits

Certifications

  • The underlying infrastructure is certified to ISO 27001 and SOC 2 Type II standards.

Security Audits & Vulnerability Management

  • Regular internal and external security audits are conducted, including penetration tests and compliance assessments.
  • Vulnerabilities are tracked using CVE databases and remediated according to documented processes.


Data Privacy & Confidentiality

Closed Ecosystem

  • ConversAI operates in a closed ecosystem. Prompts, inputs, and outputs remain confidential and are not used to train the AI algorithm.
  • The underlying AI model is not fine-tuned or retrained using customer data.

Data Isolation

  • Each customer’s version data is stored and indexed separately.
  • OAuth protection ensures only authenticated and authorized users can access their own data, preventing cross-customer data access.


Transparency & User Support

Documentation

  • Mavim provides detailed documentation on data handling, security practices, and compliance. Data Protection Impact Assessments are available if applicable.

User Training

  • Extensive product documentation and learning materials are available for users and administrators to ensure secure usage of the AI system.

For further details or to request documentation, please contact your account manager.