Your data is safe here.
We handle your content, your customers' conversations, and your contacts with care. Here's exactly how, no asterisks.
Infrastructure
How we run the platform
Hosted on Vercel
All application infrastructure runs on Vercel's global edge network, industry-standard TLS everywhere, automatic certificate rotation, and DDoS protection built in.
Encrypted in transit & at rest
Every connection uses TLS 1.2 or higher. Data stored in our database is encrypted at rest using AES-256. Your content doesn't leave our infrastructure in plain text.
Isolated customer data
Each account's chatbot data, conversations, and contacts are logically isolated. Your content is never accessible to other customers.
Uptime & reliability
We use Vercel's global infrastructure with automatic failover and redundancy. We target 99.9% uptime for all plan tiers.
Data
What we store and what we don't
Your account email and hashed password
Chatbot training content (your uploaded files, crawled URLs, and Q&A pairs)
Chat conversation transcripts (text only)
Lead contact details captured via your chatbot
Billing information (processed and stored by Stripe, we never see card numbers)
Credit card numbers or full payment details
Cookies or cross-site tracking data
Visitor IP addresses beyond what your server logs capture
Any data sold to third parties
GDPR & compliance
Your rights as a data subject
We follow GDPR principles across the entire platform, whether or not you're based in the EU. That means data minimisation, purpose limitation, and the right to be forgotten.
Right to access
Request a copy of all data we hold about you
Right to erasure
Delete your account and all data within 30 days
Right to portability
Export your contacts, conversations, and training data
DPA available
Data Processing Agreements available on Business plan
Access controls
Who can see your data
Access to production systems is restricted to core team members on a need-to-know basis, with audit logging.
You
Full access to your account, chatbots, conversations, and contacts via the dashboard.
Your team
Users you invite to your account (Business plan). Role-based access controls coming soon.
Follwup staff
Access strictly limited to debugging reported issues. We log all internal access events.
Responsible disclosure
Found a vulnerability? We want to know. Email security@follwup.app with details. We respond within 72 hours, acknowledge valid reports, and never pursue action against good-faith researchers.
FAQ
Security questions
Questions about security?
We're a small team and we read everything. Email us directly.