Webair AI
Security & Privacy

Your data stays yours.Always.

Webair AI is built so your business memory stays private, encrypted, and controlled by you — not sold, not used for ads, and not used to train public AI models.

Start building your private Knowledge HubSee how the Hub works
Encrypted in transit and at rest Never used to train public AI models Built to SOC 2 Type II standards GDPR-aligned · HIPAA-ready

Plain English

What encryption means

Encryption locks your information so it cannot be read without authorization. Your messages, files, memories, and connected app data are protected while they move and while they are stored.

  • In transit: the data is scrambled while it travels between your phone, the web app, our servers, and the AI providers we route through.
  • At rest: when stored, your Knowledge Hub is encrypted on our infrastructure so the underlying records can't be read without authorization.
  • Not used for training: your private business context goes into answering your requests — not into any public AI model's training set.

What we do with your data

  • Use it to answer your requests, in your account, for you and the team members you choose to share with.
  • Structure it into your private Knowledge Hub so the right context is used at the right moment.
  • Let you export, edit, or delete it at any time.

What we don't do

  • We do not sell your data.
  • We do not use your private memory for ad targeting.
  • We do not use your business data to train public AI models.
  • We do not ask you to paste sensitive company context into random AI tools over and over.

Memory you control

Why Webair AI memory is different

Most AI tools either forget you between conversations or keep a memory you can't see. Webair AI builds your memory in the open, separates it by type, and gives you control.

Private by default

Your Knowledge Hub belongs to your account and your team — not to an ad network or public model-training pipeline.

Not used for training

Your business context is used to help your assistant work for you. It is not used to train public AI models.

No advertising profile

We do not sell your data or build ad-targeting profiles from your conversations.

Cortyx separates memory

Cortyx labels context into personal preferences, business facts, operational knowledge, and workflow memory. That separation helps prevent the wrong context from being used in the wrong place.

You control connected apps

Google, Slack, Notion, HubSpot, and other connections use permission-based access. You choose what to connect and can revoke access.

Approvals for actions

When Webair AI prepares actions like sending messages, scheduling, or creating workflows, the product clearly shows what is happening and asks for approval where needed.

Standards

Built for enterprise trust

We hold ourselves to recognized standards and give compliance teams the documentation they need to bring Webair AI into your stack.

SOC 2 Type II

Built to the SOC 2 Type II Security and Availability trust service criteria. Compliance documentation available under NDA on request.

GDPR-aligned

GDPR-aligned data processing for European customers. Data processing agreements and configurable data residency available on request.

HIPAA-ready

Our infrastructure supports HIPAA requirements. Business Associate Agreements available for healthcare organizations.

Security controls

How we protect your data

Infrastructure security

  • Data encrypted in transit and at rest
  • Hosted on enterprise cloud infrastructure with SOC 2 Type II controls
  • Network isolation with strict access controls
  • Automated vulnerability scanning and patching
  • DDoS protection at the edge

Access control

  • Role-based access control for all resources
  • Multi-factor authentication for internal access
  • SSO/SAML available for enterprise customers
  • Automated access provisioning and removal
  • Privileged access logged and reviewed

Data handling

  • Your data is never used to train public AI models
  • Customer data isolated by account
  • Configurable data retention and deletion
  • Data residency options for EU customers
  • Secure data export and portability on request

Operational security

  • 24/7 monitoring with automated alerting
  • Documented incident response with defined timelines
  • Regular security exercises and reviews
  • Change management with peer review and rollback
  • Background checks and security training for staff

Shared responsibility

Our commitment, your role

Security is a shared responsibility. We secure the platform; you manage your team's access and your own data policies.

What Webair AI handles

  • Infrastructure and platform security
  • Encryption of data in transit and at rest
  • Platform availability and disaster recovery
  • Vulnerability management and patching
  • Maintaining SOC 2 Type II controls
  • Incident detection, response, and notification

What you manage

  • User access and authentication settings
  • Which apps you connect and what permissions they have
  • Data retention and sharing preferences
  • Sensitive data classification within your account
  • Reporting suspected security issues to us
  • Reviewing your team and division permissions

Security questions?

Request our SOC 2 Type II compliance documentation, discuss HIPAA setup, or report a security concern.

Contact Security Team

Start building your private Knowledge Hub.

Encrypted in transit and at rest. Never sold to advertisers. Not used to train public AI models. You stay in control.

Get StartedBook a Demo