Security & Compliance
SolveoAI is built for teams that care about security. Every feature is designed with data protection in mind — from role-based access control to full audit logs and GDPR compliance.
Security features
Role-Based Access Control (RBAC)
Five roles (Owner, Admin, Member, Support, Viewer) with distinct permission sets. Enforced at the API level — not just the UI.
- Permissions enforced on every API request, not just in the dashboard
- Workspace-scoped roles: a user can have different roles in different workspaces
- Role changes take effect immediately with no session delay
Audit logs
Every admin action is logged with a timestamp, user ID, and IP address. Logs are immutable and retained for 12 months.
- Logged events: login, logout, agent creation/deletion, member invite/removal, API key creation/rotation, billing changes
- Export logs as CSV for compliance reporting
- Filter by date, user, or action type
- Available to Admins and Owners
API key management
Create, rotate, and revoke API keys without downtime. Each key can be scoped to specific operations.
- Generate multiple keys — one per integration or environment
- Rotate a key with zero downtime: create a new key, update your integration, then revoke the old one
- Revoke a compromised key instantly — takes effect within seconds
- View last-used date and IP for each key
Two-factor authentication (2FA)
Enable 2FA for your account to require a one-time code in addition to your password on every login.
- Supports authenticator apps (Google Authenticator, Authy, 1Password)
- Owners can enforce 2FA for all team members in Settings → Security
- Recovery codes generated at setup — store them securely
Data encryption
All data is encrypted in transit and at rest. We use industry-standard encryption throughout.
- TLS 1.3 for all data in transit
- AES-256 encryption for data at rest
- Database credentials and API keys encrypted at the field level
- Conversation data and knowledge base content encrypted in the database
Data privacy
We do not train on your data
Your conversation data and knowledge base content are never used to train the underlying LLM models. Your data is processed only to power your agents' responses.
Data retention
Conversations are retained for the period defined by your plan. You can delete conversations at any time — deletion is permanent and immediate.
- Free: 30 days
- Starter / Pro: 12 months
- Enterprise: Custom
GDPR compliance
SolveoAI is GDPR-compliant. We act as a data processor for the conversation and knowledge base data you store on our platform. As the data controller, you retain full rights over that data.
SSO & identity providers (Enterprise)
Enterprise plans support SAML 2.0 and OAuth 2.0 SSO so your team can sign in with your existing identity provider. Configure it once and your team uses their corporate credentials — no separate SolveoAI passwords required.
SSO setup requires an Enterprise plan. Contact sales to get started. Once configured, you can enforce SSO for all team members from Settings → Security → Enforce SSO.
Responsible disclosure
If you discover a security vulnerability in SolveoAI, please report it responsibly. We take all security reports seriously and will respond within 48 hours.
Report vulnerabilities to security@solveoai.io with a detailed description. Please do not publicly disclose the issue until we have had time to investigate and remediate.