Security

We host the things that matter ourselves.

Self-hosted AI, private by default. Self-hosted phones. Workspace isolation at the database row level. Encrypted everywhere. This page is the long version, written by engineers not lawyers.

Start free trial Read the contracts
How we protect your data

Six pillars. No shortcuts.

These are the practices we run by, written so an engineer at your company can verify them on a call.

Pillar 01

Encryption that does not bend

Every byte of customer data is encrypted at rest with AES-256 and in transit with TLS 1.2 or higher. We never store secrets in plaintext, including credentials we hold for your integrations.

  • AES-256 encryption at rest on every database, object store, and backup volume.
  • TLS 1.2+ on every public endpoint with HSTS preload, perfect forward secrecy, and modern cipher suites.
  • Integration credentials (Shopify, WordPress, Stripe, and others) encrypted with AWS KMS-equivalent envelope encryption.
  • Encryption keys rotated quarterly. Master keys never leave the HSM.
Pillar 02

Access controls with teeth

Production access is gated by SSO + MFA, audited quarterly, and logged immutably for at least 12 months. We follow the principle of least privilege religiously, including for ourselves.

  • MFA is required for every engineer with production access. No exceptions.
  • SSO via Google Workspace or Microsoft Entra ID for your team. SAML 2.0 supported on Enterprise.
  • Role-based access control with admin / supervisor / agent roles, scoped by department.
  • Quarterly access reviews. Anyone who has not used a permission in 90 days loses it.
  • Immutable audit log retained for 12 months. SIEM forwarding available on Enterprise.
Pillar 03

Workspace isolation at the row level

Customer data is isolated using Postgres row-level security. Even an engineer with database access cannot query across workspaces without explicit, logged escalation.

  • Postgres RLS policies on every customer-facing table.
  • Application-level workspace scoping in every API endpoint.
  • Cross-workspace queries blocked by default. Escalation requires a second approver and a logged justification.
  • Static analysis on every PR prevents new endpoints from skipping workspace scoping.
Pillar 04

AI that never trains on your data

Our AI is self-hosted and private by default. Customer conversations are not used to train models, and they are not sent to OpenAI, Anthropic, or any third-party model provider for the features that use AI.

  • Chat, ticket, and phone AI run on infrastructure we operate. Your conversations stay in your account and never leave our infrastructure.
  • Customer data is used at inference time only, never for training or fine-tuning.
  • Retrieval-augmented generation (RAG) grounds responses in the customer's own knowledge base, so the model cannot invent facts.
  • If you connect an external model (OpenAI, Anthropic), it is opt-in and we surface the data flow in the workspace.
Pillar 05

Infrastructure we run

We run our own infrastructure. Self-hosted phones, self-hosted AI, and self-hosted everything that matters, so the parts that touch your data stay under our control.

  • Compute and database hosted on DigitalOcean in SOC 2 Type II-audited US and EU regions.
  • Carrier-grade SIP on our own voice infrastructure, so calls stay on systems we operate.
  • AI inference runs on self-hosted infrastructure on a dedicated private network.
  • Object storage encrypted at rest. CDN delivery via Cloudflare with secure presigned URLs.
Pillar 06

Resilience and backups

Encrypted backups every hour, restored monthly to validate. Designed for 99.99% availability with documented incident response.

  • Hourly encrypted Postgres backups retained for 30 days.
  • Monthly disaster recovery drill that restores from cold backup and validates row-level integrity.
  • Documented incident response plan with named on-call rotation and a 30-minute paging SLA.
  • Public status page at status.message.com with uptime and incident history.
Compliance

Where we stand on the alphabet soup.

We list what is shipped, what is in progress, and what is out of scope. We do not list certifications we have not earned.

SOC 2 Type II
Audit in progress (initial Type I May 2026, Type II report by November 2026)
ISO 27001
Targeting certification Q4 2026
GDPR
Article 28 DPA available. EU SCCs incorporated by reference.
UK GDPR
International Data Transfer Addendum to SCCs.
HIPAA
BAA available on Enterprise. PHI-eligible processing requires an addendum.
CCPA / CPRA
Compliant. California-resident rights honored.
PCI DSS
Not in scope. Stripe handles card data; we never store PANs.
STIR/SHAKEN
All outbound calls are signed. We attest A-level on US originations.
Responsible disclosure

Found a vulnerability?

Email [email protected] with a clear write-up. We acknowledge within 24 hours, triage within 72, and follow up with a patch ETA and a CVE if applicable.

We do not run a public bug bounty yet, but we pay for valid reports in line with severity. Critical issues are paid the same day we triage them.

Please do not test against live customer data. We will provision a sandbox workspace within an hour of your first email if you need one.

Security questionnaire?

Send the questionnaire (SIG, CAIQ, custom) to [email protected]. We turn most responses around in two business days and can sign an NDA first if needed.

SOC 2 report?

SOC 2 Type II is in progress. The interim Type I report is available under NDA on request.

Request the package →

One inbox. Audited stack.

Trial Message free for 14 days. Your data lands in an isolated workspace from minute zero, with the same encryption and access controls as our largest customers.

Start free trial
14 days free, no credit card needed.