Security at ComAI
ComAI is built for eCommerce brands that handle sensitive customer data, payment information, and business-critical operations. Security is embedded in every layer of our platform — from infrastructure to application code to AI processing pipelines.
Encryption
- TLS 1.3 encryption for all data in transit between clients, APIs, and third-party integrations
- AES-256 encryption at rest for databases, file storage, and backup systems
- Encrypted webhook payloads and API key storage using industry-standard key management
- WhatsApp and calling channel data encrypted end-to-end through provider infrastructure
Secure Authentication
- bcrypt password hashing with configurable work factors
- HttpOnly, Secure, SameSite cookie-based session management
- JWT access tokens with short expiry and refresh token rotation
- Multi-factor authentication (MFA) support for platform admin accounts
- OAuth 2.0 integration with Shopify and other commerce platforms
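As an added illustration of the token and cookie mechanics listed above (this is example code, not ComAI's implementation): short-lived HS256 access tokens, one-time refresh tokens that are rotated on every use, and the cookie attributes a session cookie should carry. The signing key, lifetimes, in-memory refresh store and `ck_`-style naming are assumptions for the example; reuse of an already-rotated refresh token is treated as a sign of theft and revokes the whole token family.

```python
"""Short-lived JWT access tokens + refresh-token rotation (stdlib only, example code)."""
import base64
import hashlib
import hmac
import json
import secrets
import time

SECRET = b"example-signing-key-not-for-production"  # constructed placeholder key
ACCESS_TTL = 15 * 60          # 15-minute access tokens (assumed value)
REFRESH_TTL = 7 * 24 * 3600   # 7-day refresh tokens (assumed value)


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_access_token(subject: str, role: str, now=None) -> str:
    """Mint a compact HS256 JWT with a short expiry."""
    now = time.time() if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    claims = {"sub": subject, "role": role, "iat": int(now), "exp": int(now) + ACCESS_TTL}
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}"
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_access_token(token: str, now=None):
    """Return the claims if signature, algorithm and expiry check out, else None."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        # Constant-time comparison; checked before parsing untrusted JSON
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
            return None  # reject algorithm confusion (e.g. "none")
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # bad base64, bad JSON, wrong segment count
        return None
    if claims.get("exp", 0) <= now:
        return None
    return claims


class RefreshStore:
    """In-memory refresh-token store with rotation and replay detection (assumed design)."""

    def __init__(self):
        self._tokens = {}            # refresh token -> record
        self._revoked_families = set()

    def issue(self, subject: str, role: str, family=None, now=None) -> str:
        now = time.time() if now is None else now
        family = family or secrets.token_hex(8)
        token = secrets.token_urlsafe(32)
        self._tokens[token] = {"sub": subject, "role": role, "family": family,
                               "exp": now + REFRESH_TTL, "used": False}
        return token

    def rotate(self, token: str, now=None):
        """Exchange a refresh token for a new (access, refresh) pair; None on failure."""
        now = time.time() if now is None else now
        rec = self._tokens.get(token)
        if rec is None or rec["exp"] <= now or rec["family"] in self._revoked_families:
            return None
        if rec["used"]:
            # A rotated token presented again: assume it was stolen, revoke the family
            self._revoked_families.add(rec["family"])
            return None
        rec["used"] = True
        new_refresh = self.issue(rec["sub"], rec["role"], rec["family"], now)
        return issue_access_token(rec["sub"], rec["role"], now), new_refresh


def session_cookie(name: str, value: str, max_age: int) -> str:
    """Set-Cookie value with the HttpOnly, Secure and SameSite attributes the page lists."""
    return f"{name}={value}; Max-Age={max_age}; Path=/; HttpOnly; Secure; SameSite=Strict"


if __name__ == "__main__":
    store = RefreshStore()
    refresh = store.issue("merchant-42", "merchant_admin")
    access, refresh2 = store.rotate(refresh)
    print(verify_access_token(access))
    print(store.rotate(refresh))   # None: replay of a rotated token revokes the family
    print(session_cookie("sid", "opaque-session-id", ACCESS_TTL))
```

The access token is verified statelessly; only refresh tokens touch the store, which is what keeps rotation cheap while still letting a stolen refresh token be detected on its second use.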
Audit Logs
- Comprehensive activity logging for authentication, API access, and admin actions
- Subscription lifecycle events tracked with immutable audit trails
- Webhook delivery logs with retry history and payload checksums
- AI agent conversation logs retained per your plan configuration for compliance review
Infrastructure Security
- Hosted on SOC 2 Type II certified cloud infrastructure
- Network segmentation with private subnets and VPC isolation
- Web Application Firewall (WAF) and DDoS protection
- Automated vulnerability scanning and dependency auditing in CI/CD pipelines
- Regular penetration testing by independent security firms
- 99.9% uptime SLA with redundant failover across availability zones
Access Controls
- Role-based access control (RBAC) — merchant admin, platform admin, partner roles
- Principle of least privilege for all internal and customer-facing permissions
- Store-level API key scoping with granular permission controls
- Session timeout and automatic logout for inactive dashboard sessions
- IP allowlisting available for Enterprise plans
Incident Response
ComAI maintains a documented incident response plan with defined escalation procedures, customer notification timelines, and post-incident review processes.
Security vulnerabilities can be reported responsibly to support@comai.in. We acknowledge reports within 24 hours and provide status updates throughout remediation.
Compliance & Certifications
- GDPR-ready data handling practices with data processing agreements available
- Indian GST-compliant invoicing and billing records
- PCI DSS compliance through Razorpay and Stripe payment processors (ComAI does not store card numbers)
- Meta WhatsApp Business API and TRAI telephony compliance frameworks
Security Contact
Report security concerns: support@comai.in
General support: support@comai.in