Engage your customers at scale without security concerns

You want to scale up and automate your customer engagements, but you’re worried. You wish you could answer all your customer questions 24/7, but you’re concerned about the safety of your data.

Governments, banks, and other organizations with extreme data security concerns use Engati to scale their customer engagements worldwide. Here are a few of the precautions that we take to protect their data and yours.


Our database servers are securely configured and not accessible outside the demilitarized zone.

Even though we use a multi-tenant system, your data is always logically separated from another customer’s data.

For website bots, the same connection where requests are received is the one over which responses are sent back. We have also implemented additional logic to protect you from data leaks and session hijacking. The server even drops off any and all spurious connections.

Our bot platform does not save any end-users personally identifiable or location information unless specifically enabled from the platform.

While building your bot, you are also encouraged to only ask your customers for details that you absolutely require. We also urge you to provide details about how the system consumes the data in a transparent manner.

Infrastructure security

We have set up strong firewalls to protect the network and infrastructure from unauthorized access and attacks.

We even ensured that no backend functional services are exposed to the internet, and all calls go through specific checks on limited ports.

Your backup files are also stored in a separate location with different layers of security.

We have restricted physical access to the data storage through multi-factor access control, using a combination of network, certificate access, and password protection.


All data transmission between the web browser client and the server is done only over SSL encrypted channels.

All sensitive data is stored only in encrypted files.

Application user credentials (for the portal) are all stored in salted hashed form.

Periodical assessments

We conduct a monthly security-focused code review on the entire platform.

All potential threat scenarios are modeled and outlined from a design perspective on a monthly basis.

Our team performs a black box security assessment on all applications before a release. In a worst-case scenario, we carry out these assessments quarterly.

We also conduct network security assessments at regular intervals on all our production servers.



The GDPR or General Data Protection Regulation is a regulation concerning data protection and privacy for the European Union.

Here are a few of the measures that we take in compliance with the GDPR:

1. We only store information that is necessary for business and delete the rest.

2. To figure out who can use customer data and negate all risks, we identify where all our data comes from.

3. We adopt effective security measures and lodge barriers against data breaches

4. We ensure that personal data is always anonymized and encrypted.

5. Engati’s data protection capabilities are integrated to mitigate risks across all channels.

ISO 27001

ISO/IEC 27001 sets the international standard for creating, implementing, maintaining, and continuously improving an information security management system (ISMS).

As an ISO 27001 certified organization, we have sturdy security-focused controls in place under these areas:

1. Asset management — Including audits, access controls, removal or destruction of assets

2. Physical and environmental security — We have several policies and procedures to safeguard access to organization premises, hardware, software, data, etc.

3. Operation security — This includes backups/restore mechanisms, roles/responsibilities, logging and monitoring, vulnerability assessment, and management.

4. Incident Management — Engati has robust incident management guidelines in place with a severity-based chain of command, communication frequency, and associated details.

5. BCP and DR — Business Continuity guidelines in place along with detailed DR plans for various grades of impact


Conversation data from third-party sources is always validated for data integrity before being consumed.

Idle time validation is enforced for all bot user-workflow interactions.

Relevant security headers are set in place, and strong session management is enforced to prevent session hijacking.

Proper cookie-based authentication & authorization mechanisms have been implemented to protect user’s from insecure direct object reference.

Our backend framework protects the web application and its resources from cross-site scripting, cross-site request forgery and injections.

Individual portal users can only have one active session at a time. In addition to this, users are logged out of the portal after 30 minutes of inactivity, and password recovery links are only valid for 15 minutes after you request them.

Certain organizations with highly sensitive information (like government organizations and banks) cannot have their systems based entirely on the cloud. They can use our C2E (Cloud to Enterprise) Bridge for a hybrid solution in such situations.

It empowers organizations to work with a combination of on-premise environments along with Engati’s services. The C2E Bridge makes it possible for you to flow between these environments enabling greater flexibility and productivity in a secure manner.

Engati is also secure and protected against the Open Web Application Security Project (OWASP) Top 10 web application security risks.

In addition to this, all of Engati’s portal workflows are associated with user roles. Only authorized portal users are granted access to these workflows based on the configuration.

So, what are you waiting for? Start engaging your customers 24/7, without the slightest delay, in a safe manner.

This article about “Engage your customers at scale without security concerns” was originally published on Engati blogs.




Reimagine your customer journey with Engati!

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

How to create an ARP Spoofer using Scapy?

3 Types of Security Testing for Web and Mobile Applications

{UPDATE} Nexus Tile Hack Free Resources Generator

Telehealth Challenges to Prepare for Now (With Solutions)

{UPDATE} 4 Images 1 Mot Francais Hack Free Resources Generator

How to stay safe online at home

The Case of the Pipka Skimmer

Things that could affect your Wi-Fi connection

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Reimagine your customer journey with Engati!

More from Medium

ISO 27001: 7.4 Communication

Bandler’s Three Platforms to Connect

Bandlers Three Platforms to Connect (2) simple

Digital Citizen Uses Technology | Vibez365 | Technology

What’s the Biggest Challenge Manufacturing Companies Face in Their Fight Against IP Theft?