Secure by design.
Your repair shop data is the backbone of your business. We protect it with AES-256 encryption, strict tenant isolation, and SOC 2 certified infrastructure — the same security standards used by leading SaaS platforms.
How does cellbot protect repair shop data?
cellbot uses AES-256-GCM encryption, multi-tenant data isolation, GDPR-compliant data handling, managed rate limiting, and timing-safe webhook verification — all deployed on enterprise-grade SOC 2 certified infrastructure.
See how these protections support our full feature set, our 11+ integrations, or read our FAQ for common questions.
GDPR Compliant
Full data subject rights, lawful processing, DPA available on request
PCI DSS via Stripe
All payment processing handled by Stripe (PCI DSS Level 1)
Encrypted at Rest & In Transit
TLS 1.2+ for data in transit, AES-256 encryption at rest
SOC 2 Certified Infrastructure
All core infrastructure providers hold SOC 2 Type II certification
Cyber Essentials
UK government-backed certification for cyber security basics
SOC 2 Type I
Organisation-level security, availability, and confidentiality audit
What security features are built into cellbot?
Every layer of cellbot is built with security in mind — multi-tenant data isolation, 6-layer pricebook protection, HMAC-SHA256 webhook signing, and rate limiting on all API endpoints.
Multi-Tenant Isolation
Every database query validates shop ownership. Your data is completely isolated — no shop can ever access another shop's records.
Pricebook Protection
Multi-layer security with entitlement gating, rate limiting, and pagination caps to protect your pricing data.
Authentication & SSO
Authentication runs on a SOC 2 Type II certified identity platform, with multi-factor authentication, social login, role-based access control, and automatic session management.
Rate Limiting & DDoS Protection
Rate limiting on all API endpoints with per-session throttling, global edge protection, and DDoS controls to prevent abuse.
Webhook Verification
All inbound and outbound webhooks are signed with HMAC-SHA256. Timing-safe signature verification prevents replay attacks.
Audit Logging
Mutations are logged with timestamps, user IDs, and context. Structured audit trail for compliance reviews and incident investigation.
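The webhook verification described above, sketched as an added example (not cellbot's own code or header format): the constant-time comparison closes the timing side channel, while replay resistance comes from signing a timestamp and remembering accepted deliveries. The "<timestamp>.<body>" layout, the 300-second window, and the names sign, verify and demo are assumptions.

```python
import hashlib
import hmac
import time

TOLERANCE_SECONDS = 300  # assumed freshness window, not a cellbot value


def sign(secret: bytes, timestamp: int, body: bytes) -> str:
    """HMAC-SHA256 over "<timestamp>.<body>", binding the timestamp to the body."""
    message = str(timestamp).encode() + b"." + body
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify(secret, timestamp, signature, body, seen, now=None):
    """Return (accepted, reason) for one inbound delivery."""
    now = int(time.time()) if now is None else now
    try:
        ts = int(timestamp)
    except (TypeError, ValueError):
        return False, "bad timestamp"
    expected = sign(secret, ts, body)
    # compare_digest does not stop at the first differing byte, so response
    # time leaks nothing about how much of a forged signature was correct.
    if not hmac.compare_digest(expected.encode(), str(signature).encode()):
        return False, "bad signature"
    # A valid MAC says nothing about freshness: an old capture still verifies.
    if abs(now - ts) > TOLERANCE_SECONDS:
        return False, "stale timestamp"
    if expected in seen:  # same signed message again, inside the window
        return False, "replayed delivery"
    seen.add(expected)  # entries can be evicted once older than the window
    return True, "ok"


def demo():
    """Run constructed deliveries through verify(); every value is made up."""
    secret = b"constructed-demo-secret"
    body = b'{"event":"ticket.updated","ticket_id":"T-1001"}'
    t0, seen = 1_700_000_000, set()
    sig = sign(secret, t0, body)
    return [
        verify(secret, t0, sig, body, seen, now=t0 + 5),            # first delivery
        verify(secret, t0, sig, body, seen, now=t0 + 10),           # captured and resent
        verify(secret, t0, sig, body + b" ", set(), now=t0 + 5),    # body altered
        verify(secret, t0, sig, body, set(), now=t0 + 3600),        # resent an hour later
        verify(secret, t0 + 3600, sig, body, set(), now=t0 + 3600), # timestamp rewritten
    ]
```

Calling demo() returns one (accepted, reason) pair per constructed delivery; only the first is accepted.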
Does cellbot use my data to train AI?
No. cellbot never uses your customer conversations, repair records, or pricebook data to train or fine-tune any AI model — all AI processing is ephemeral and your data stays yours.
cellbot uses AI to power chat, diagnostics, and the copilot — but your data stays yours.
All AI processing is ephemeral. Prompts and responses are not stored by our AI providers beyond the immediate request. We use enterprise AI APIs with data privacy agreements in place — your data is excluded from model training by default.
AI-generated repair quotes are always sourced from your pricebook. The AI never fabricates prices or invents repair costs — every quote is traceable to a real pricebook entry.
How resilient is cellbot's infrastructure?
cellbot runs on SOC 2 Type II certified infrastructure with PCI DSS Level 1 payment processing via Stripe — each core provider has a 99.9%+ uptime track record.
Edge Hosting
SOC 2 Type II
Edge network, DDoS protection
Realtime Data Platform
SOC 2 Type II
Real-time database infrastructure
Identity Platform
SOC 2 Type II
Authentication & identity
Stripe
PCI DSS Level 1
Payment processing
How does cellbot handle my data?
Encryption
All data in transit is encrypted with TLS 1.2+. Data at rest is encrypted with AES-256. Database backups are encrypted and stored in geographically redundant locations.
Data residency
Application data is stored in SOC 2 Type II certified infrastructure. Edge services run on a global network with automatic regional routing.
Your GDPR rights
You can export all your data at any time. You can request full erasure of your account and all associated data. We respond to all data subject requests within 30 days as required by GDPR.
Data retention
Active account data is retained while your account is active. After account deletion, all data is permanently erased within 30 days. Audit logs are retained as required for compliance.
Incident response
We follow a structured incident response process: detect, assess, contain, eradicate, recover, and learn. Affected customers are notified within 72 hours of a confirmed breach as required by GDPR.
For full details, see our Privacy Policy.
Found a vulnerability?
We take every security report seriously. If you discover a vulnerability, please email security@cellbot.chat. We acknowledge all reports within 24 hours, assess severity within 72 hours, and deploy critical fixes within 7 days. We credit all reporters unless they prefer anonymity.
Protect your repair business.
Trust cellbot to protect your repair business data — GDPR compliant, AES-256 encrypted, and built with multi-tenant isolation.