Enterprise AI Security: How Chatzuri Protects Customer Data at Scale

Before a security-conscious enterprise deploys a third-party AI platform for customer support, the questions are always the same: Where is customer data stored? Who has access to conversation logs? How long is data retained? What happens in a breach? These are the right questions. Here are the answers for Chatzuri's platform.

Data Architecture

Customer conversation data on Chatzuri is stored in encrypted PostgreSQL databases. Data at rest is encrypted with AES-256. Data in transit uses TLS 1.3 for all connections between the client application, the Chatzuri API, and any third-party AI model providers. Connection strings, API keys, and credentials are never stored in application code — they live in encrypted secret stores with access restricted by role.

What Data Is Stored and For How Long

Chatzuri stores three categories of data: conversation transcripts (the messages exchanged between customer and agent), metadata (timestamps, channel, conversation duration, resolution status), and agent configuration (knowledge base content, system prompts, tool definitions). Customer PII within conversations is subject to your configured data retention policy — enterprise plans can set retention windows as short as 30 days or enable automatic PII redaction from stored transcripts.

Conversation data is never used to train Chatzuri's internal models or shared with third parties. When you configure Claude or GPT-4o as your agent's model provider, conversation data is subject to Anthropic's or OpenAI's enterprise data processing agreements respectively — we surface these agreements during setup and recommend enterprise plans with data residency guarantees for regulated industries.

Access Controls

Within your Chatzuri workspace, access to conversation logs is role-gated. Team members can be assigned to view conversation transcripts only for the agents they manage. Admin access to full workspace data is logged with timestamped audit trails. API access uses scoped keys — a key generated for your WhatsApp integration cannot access conversation history or agent configuration.

GDPR and POPIA Compliance

• Data Processing Agreement (DPA) available for all enterprise accounts
• Configurable data residency: EU, US, or African data centres available
• Customer data deletion requests: API endpoint and dashboard available for GDPR/POPIA right-to-erasure requests
• Consent management: configurable disclosure language at conversation start
• Data export: full conversation data exportable in structured format on request

Third-Party AI Model Security

When your agent uses GPT-4o or Claude, customer messages pass through those providers' inference infrastructure. For enterprises with strict data residency requirements, Chatzuri supports routing inference through Azure OpenAI Service (which offers EU and regional data residency) and through self-hosted or private cloud model deployments. This eliminates the third-party data processing concern entirely, at the cost of higher infrastructure overhead.