Encrypted at rest. Row-level security. GDPR erasure built in. At $49 a month.

What's built in — at every tier

Encryption at rest + in transit

All sensitive data — API credentials, refresh tokens, email addresses, conversation content — is encrypted at rest using AES-256-GCM. Ciphertext is versioned (v1.iv.tag.ciphertext) to support zero-downtime key rotation; we can roll keys without taking the service down.

All connections use TLS. No plaintext HTTP anywhere in the system.

Tenant isolation — row-level security

Every database table with tenant data has row-level security policies that deny access by default. Our backend connects with a service role that bypasses RLS, but every query we write scopes by tenant_id. Cross-tenant access is verified by automated tests that attempt forbidden queries and confirm they fail.

Practical effect: your data and another customer's data can sit in the same tables, and neither of us can ever see the other's records. Not "we trust our code" — the database itself enforces it.

Admin MFA

Time-based one-time passwords (TOTP) via standard authenticator apps. Strongly encouraged; production tenants can require MFA for all admins. Session invalidation on MFA enrollment so old sessions can't bypass the new requirement.

GDPR: export + erasure

Built as first-class features, not an afterthought.

• Export personal data by email or session ID. Returns a signed download link to a complete JSON dump.
• Erase personal data by email OR session ID. Wipes leads, conversation transcripts, and any derived records. Produces an audit log entry you can present to a regulator.
• Both operations are self-serve from the admin panel. No support ticket required.

SSRF protection

The knowledge-base crawler and webhook deliverer both validate destination hostnames against a deny-list of private / internal ranges (localhost, 127.0.0.1, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.169.254, and more). No attacker can use Wengrow to probe your internal network or ours.

Prompt-injection monitoring

Every visitor message is scanned for 8 categories of prompt-injection patterns (ignore-previous, system-prompt-request, role-override, and 5 more). Every AI reply is scanned for 5 categories of leakage (system-role-leak, instruction-leak, config-leak, and 2 more). Detections are logged and metric-counted; we monitor aggregate trends and respond to spikes.

Detections are non-blocking — the conversation continues. The goal is awareness + response, not false-positive friction. High-severity patterns trigger alerts in our ops channel.

Signed webhooks

Every webhook delivery is signed with HMAC-SHA256. Your endpoint verifies the X-Wengrow-Signature header before processing, so spoofed requests can't inject fake leads into your pipeline.

Edge security

The site and widget sit behind Cloudflare with WAF rules, bot fight management (for API paths, not for widget), and response header transforms for defense-in-depth (HSTS, CSP, X-Frame-Options where appropriate).

What's on the roadmap — said plainly

SOC 2

We don't have SOC 2 Type II today. We're documenting policies, access controls, incident response, and change management toward a Type I audit in 2026, followed by Type II.

If you need SOC 2 today, we're not your vendor. Buy Cognigy or a similar enterprise platform with the certification already in hand.

If you can operate with a documented-but-uncertified security posture (most SMB buyers can), Wengrow's underlying controls are strong — they're just not audited yet.

HIPAA

We're not a HIPAA-certified covered entity or business associate. Wengrow handles top-of-funnel marketing and lead-capture conversations — not PHI. If your use case touches PHI (symptom descriptions, diagnosis discussions, patient record lookups), Wengrow is not the right tool.

For healthcare marketing / appointment triage / insurance-eligibility screening where the visitor hasn't yet shared PHI, Wengrow is fine.

ISO 27001

Similar to SOC 2. Documented, not audited. Roadmap item post-SOC-2.

Named integrations for sensitive workflows

• SAML 2.0 single sign-on (Pro+) — self-serve SSO with Okta, Microsoft Entra, Google Workspace, and any SAML 2.0 IdP. DNS-verified domain, MFA delegated to your IdP, audit-logged sign-ins. See the setup + security model →
• Custom AI system prompt (Business+) — encode compliance guardrails that the agent is never allowed to violate.
• Compliance-Sensitive personality preset (every tier) — pre-tuned for FINRA-flavored, HIPAA-adjacent, or legal-sensitive contexts.
• Audit-ready conversation transcripts — every agent turn is logged with timestamps, source chunks, and model metadata. Your compliance team can reconstruct any conversation end-to-end.