Security

Security at Teleperson.

We're building consumer trust into a product that touches banking, support, and AI. The bar is "designed for the regulator, not just the user."

Security posture

Encryption at rest

Plaid access tokens are encrypted with AES-256-GCM. Extension tokens are stored as SHA-256 hashes. TLS in transit on every connection.

Row-level security

Every Postgres table is RLS-enforced; tenants and users can only ever read their own rows. Backed by Supabase's RLS engine.

Minimum-permission extension

Manifest V3 with the smallest possible host-permissions surface. The extension never sees a bank credential. Plaid handles the link end-to-end.

Audit logs

Every privileged action (claims, admin overrides, billing changes, white-label tenant changes) is audit-logged with operator and target.

AI safety

Single-step authority. Watcher-classified autonomy.

The chat co-pilot never sends two messages on one click. Every drafted reply is its own user-confirmed Send. Drafts that would create binding actions (cancellations, payment changes, contract changes) require an explicit authorization toggle gated by a watcher classifier.

Privacy by design

Transcripts stay on the device by default.

Co-pilot transcripts live in chrome.storage on the device. Backend recording is opt-in for the autonomous-mode rollout. We never sell user data; we never share it with third parties outside of the integrations the user explicitly enables.

Questions about our security posture?

We respond to security disclosures within one business day.