Security
AES-256 at rest, TLS 1.2+ in transit, hardened K8s on Hetzner EU, tenant isolation across 4 layers, nightly encrypted backups, WAL archiving, public incident reports.
Enterprise-Grade Data Security
Last updated: April 10, 2026
Table of Contents
- Data Security & Privacy
- Enterprise-Grade Security Features
- Data Protection & Privacy
- AI-Specific Security & Desktop Companion
- Compliance & Certifications
- Infrastructure & Architecture
- Third-Party Providers
- Security Best Practices
- Deployment Options
- Contact Us
Data Security & Privacy
At Sistava, we understand that data security is paramount. Our AI Employee Platform is built with security at its core, implementing industry-leading practices to protect your data and ensure compliance with global security standards.
When you hire AI employees, connect tools, and run real work through our platform, you trust us with your business data, credentials, and workflows. We take that trust seriously. Every layer of our architecture — from multi-tenant isolation to durable execution pipelines — is designed to keep your data safe, private, and under your control.
Enterprise-Grade Security Features
- End-to-End Encryption: All data is encrypted both in transit (TLS 1.3) and at rest (AES-256). Communication between services, APIs, and external integrations is secured via HTTPS with modern cipher suites.
- Access Control: Role-based access control (RBAC) with support for multi-factor authentication (MFA). Organization owners, admins, and members have distinct permission levels. Tool access is controlled per employee and per tenant.
- Multi-Tenant Data Isolation: Strict tenant isolation at the database, application, and execution layers. Every query, every workflow, and every AI employee is scoped to your organization. There is no data leakage between tenants.
- Credential Security: OAuth tokens and API keys for connected tools are stored encrypted and managed through secure credential vaults. AI employees never see raw credentials — they use secure proxied connections.
- Connected Apps & Channels — Data Minimization: By default the AI employee reads from third-party apps you connect (such as Slack, Telegram, WhatsApp, Teams, Gmail, Outlook, Drive, Notion, CRMs, calendars, databases, knowledge bases, MCP servers, custom webhooks, and any other integration we may add) on demand and only fetches the specific records needed to answer the current turn. Raw third-party content is held in memory for the duration of that turn and discarded afterwards; what survives is the embeddings, knowledge-graph facts, or short notes the agent itself chose to keep. We do not bulk-copy, mirror, or warehouse the contents of your connected systems. Bulk extraction only happens for features that say so up front (such as training / knowledge ingestion). See the Privacy Policy for the full lifecycle and declared exceptions.
- Audit Logging: Comprehensive activity timelines record every action — LLM calls, tool executions, task lifecycle events, and user actions — with deep inspection available for prompts, traces, tokens, and runtime metrics.
- Session Security: Secure, HTTP-only JWT cookies with automatic rotation. Sessions are invalidated on logout and expire after configurable timeouts.
Data Protection & Privacy
Our commitment to data protection includes:
- Data encryption at rest (AES-256) and in transit (TLS 1.3) across all services
- Regular security assessments and vulnerability scanning
- Comprehensive audit logging and real-time monitoring across employees, teams, and organizations
- Automated data backup and disaster recovery procedures with defined RPO/RTO targets
- Strict access controls and authentication mechanisms at every layer
- Data minimization — we collect only what is necessary to deliver the service
- Right to deletion — you can terminate employees (moving them to Alumni with history preserved) or request full data erasure at any time
Data Retention Policy
We retain your data to help you get the most out of the platform. Operational data is automatically cleaned up after the retention period, while your core workspace data is kept for as long as your account is active. Billing summaries (monthly aggregates) are kept permanently regardless of retention periods. You can request full data erasure at any time by contacting support@sista.ai.

| Data | Retention | Details |
| --- | --- | --- |
| Chat messages | Indefinite | Full conversation history kept for as long as your account is active |
| Conversation working memory | 30 days | Internal AI working state per chat thread (LangGraph checkpoints). Old threads rebuild context from chat history and employee notes when reopened. |
| Employee memory and notes | Indefinite | What your employees learn and remember persists across sessions |
| Work journals | 2 years | Daily work logs and execution summaries written by employees |
| Activity timeline | 2 years | Record of every action, tool call, and decision made by employees |
| Usage records | 2 years | Token usage and credit consumption for billing transparency |
| Task history | 6 months | Completed, failed, or cancelled tasks. Active tasks are always kept. |
| Delegation history | 2 years | Conversations between employees during team collaboration |
| Approval history | 1 year | Resolved human-in-the-loop approval records. Pending approvals are always kept. |
| Debug traces | 1 year | Detailed execution traces for troubleshooting and optimization |
| Email delivery logs | 1 year | Records of system emails sent (signup, alerts, notifications) |
| In-app notifications | 1 year | Notification history in your inbox |
| Schedule execution logs | 1 year | Records of automated schedule triggers and their outcomes |
| Generated files and images | Indefinite | Files created by employees (images, exports). Orphaned files cleaned after 30 days. |
| Knowledge graph | 2 years | Conversation episodes ingested into the knowledge graph. Extracted facts persist independently. |
| Connected-app on-demand reads | Not retained | Content fetched from third-party apps you connected (Slack, Telegram, WhatsApp, Teams, Gmail, Outlook, Drive, Notion, CRMs, calendars, databases, knowledge bases, MCP servers, custom webhooks, etc.) at the moment a task runs is held in memory only for that turn and discarded afterwards. What the agent keeps becomes embeddings, knowledge-graph facts, or short notes. |
| Terminated employee data | 90 days | Memories, skills, and documents of terminated employees are cleaned up after 90 days. |

AI-Specific Security & Desktop Companion
Running autonomous AI employees that execute real work requires security measures beyond traditional application security. We implement multiple layers of AI-specific protection:
- Guardrails: Configurable safety rails that govern what AI employees can and cannot do. Guardrails help prevent prompt injection, enforce topic boundaries, and keep employees within their defined scope.
- PII Protection: Automated detection and redaction of personally identifiable information in AI inputs and outputs. Sensitive data can be masked before it reaches language models when configured.
- Prompt Injection Prevention: Input sanitization and validation at the dispatcher layer. System prompts are isolated from user inputs. Tool calls are validated against allowed schemas before execution.
- Tool Execution Sandboxing: AI employees can only use tools that are explicitly assigned to them. Tool access is controlled per employee and per tenant. Disconnected tools remain visible but non-functional until authorized.
- Human-in-the-Loop Approvals: Optionally require human approval for sensitive skills or tool executions. Employees pause and wait for your sign-off before proceeding with high-risk actions.
- Credit-Based Quotas: Usage metering prevents runaway executions. Credit limits and rate controls ensure AI employees operate within defined resource boundaries.
- Model Provider Policies: We work with AI providers (such as OpenAI, Anthropic, Moonshot AI, Google, xAI, and OpenRouter) under commercial terms that, where available, prohibit training on customer data submitted via their APIs. Where such terms are not available, we minimize what is sent.
Desktop Companion App — Local Computer Control
Sistava offers an optional desktop companion app that, when installed and authorized by you, gives an AI employee the ability to control your computer and your web browser locally: move the mouse, click, type, take screenshots, read what is on screen, open and close applications, navigate websites, fill forms, read and modify files, run commands, and interact with anything your user account on that machine can reach. By installing and running the desktop companion you grant the AI employee operating permissions equivalent to your own user account, and you accept the risk of any action it takes while running. We design the companion with several safety boundaries:
- Local-first execution: Mouse, keyboard, screen capture, and browser control all happen on your own machine. The companion is the "hands"; the cloud platform is the "brain". Your local files and screen contents are not uploaded to our servers in bulk.
- Authenticated session: The companion connects to your Sistava account over an authenticated, encrypted WebSocket session. You must be signed in. You can revoke the session at any time by quitting the app or signing out.
- You stay in control: You can pause, stop, or quit the companion at any moment. Sensitive actions can be gated behind human-in-the-loop approvals. The companion does not auto-launch and only runs when you explicitly start it.
- Scoped to your user account: The companion runs with the same permissions as your operating system user. It cannot escalate to administrator/root unless you explicitly grant that, and we recommend you do not.
- Open source dependencies: The companion uses open-source automation libraries. Like any autonomous system controlling a real computer, it can behave unpredictably, click the wrong thing, type into the wrong window, or take an action you did not intend. Only run it in environments where you are comfortable accepting that risk.
See the "Desktop Companion, Connected Accounts & Use At Your Own Risk" section of our Terms of Service for the full legal framing of who is responsible for what when the companion or a connected account takes an action on your behalf.
Compliance & Certifications
Sistava is fully committed to upholding the highest standards of security, privacy, and regulatory compliance. We regularly review and update our practices, conduct third-party security audits, and maintain industry-standard security controls to ensure robust protection for our users and partners.
- GDPR: Full compliance with the General Data Protection Regulation. We provide data processing agreements (DPAs), support data subject rights (access, rectification, erasure, portability), and maintain records of processing activities. Our infrastructure is hosted in EU regions.
- CCPA / CPRA: Compliance with the California Consumer Privacy Act and California Privacy Rights Act for users in California, including the right to know, delete, and opt out of data sales.
- EU AI Act: Transparency disclosures per Article 50 of the EU AI Act. Users are informed when they interact with AI-generated content, and we maintain documentation of our AI systems' capabilities and limitations.
- SOC 2 Type II: Our platform is designed and operated in alignment with SOC 2 Type II principles and controls. We are not formally certified yet.
- ISO 27001: Our security management practices align with ISO 27001 controls. We are not formally certified yet.
Infrastructure & Architecture
Our platform leverages industry-leading cloud infrastructure and is architected for reliability, scalability, and security:
- Cloud Infrastructure: Sistava runs on a combination of leading cloud providers, including Amazon Web Services (AWS), Hetzner Cloud, and Google Cloud Platform (GCP), each of which maintains SOC 2, ISO 27001, and other industry certifications.
- Edge & DDoS Protection: Cloudflare provides WAF, CDN, and DDoS protection in front of the platform. TLS certificates are issued and renewed automatically.
- Durable Execution: Every trigger — chat, schedule, API, or external channel — runs as a durable workflow. Messages and outputs are persisted so work is not lost. Execution is observable while it runs and resumable if something fails.
- Database Security: Encryption at rest, automated backups, and point-in-time recovery. All database queries are tenant-scoped with parameterized queries to prevent SQL injection.
- Network Security: Network isolation, security groups, and access control lists restrict traffic to authorized endpoints only. Internal services communicate over private networks.
- Monitoring & Alerting: Real-time security monitoring with automated alerting for anomalous behavior, unauthorized access attempts, and system health degradation.
Third-Party Providers
We carefully vet all third-party providers for their security posture, compliance certifications, and data handling practices. The list below is rendered from the same source of truth as the Sub-processors page (routes/legal/_data/subprocessors.ts) so the two pages cannot drift out of sync. For the complete and canonical list of data processing activities and sub-processors, see our dedicated Sub-processors page. Sub-processor changes are notified by updating that page.
- PCI DSS: Sistava does not store credit card numbers — all payment data is handled by Stripe (PCI DSS Level 1 certified).
- 3D Secure: All card payments support 3D Secure (3DS) authentication, adding an extra verification step during checkout to protect against unauthorized use. This is handled entirely by Stripe and the cardholder's bank.
Security Best Practices
Our approach is proactive: we regularly review, update, and improve our security controls to stay ahead of emerging threats and regulatory changes. We implement and maintain:
- Secure software development lifecycle (SDLC) with code reviews and automated security scanning
- Regular security training for all team members
- Incident response and disaster recovery plans with documented procedures and regular drills
- Vulnerability management with timely patching and dependency updates
- Continuous security monitoring, intrusion detection, and threat analysis
- Penetration testing and security assessments on a regular schedule
- Principle of least privilege applied across all systems, services, and personnel access
- Secrets management with automated rotation and no hardcoded credentials
Deployment Options
We offer flexible deployment options to meet your specific security and compliance requirements:
SaaS (Recommended)
- Hosted on enterprise-grade cloud infrastructure (AWS, Hetzner, GCP) with multi-region availability
- Regular security updates and maintenance
- Built-in disaster recovery and backup systems
- 99.9% uptime SLA
Private Cloud
- Complete physical and network isolation
- Custom security controls and policies
- Dedicated infrastructure and resources
- Enhanced compliance capabilities
Virtual Private Cloud (VPC)
- Network isolation within our infrastructure
- Custom security groups and access controls
- Scalable resources with enhanced security
- Hybrid deployment options
Contact Us
For security-related inquiries, to report a vulnerability, or to request our latest security documentation, please contact us:
- Security inquiries: security@sista.ai
- General inquiries: contact@sista.ai
- Privacy-related requests: support@sista.ai
We take all security reports seriously and will respond within 48 hours. If you believe you have discovered a security vulnerability, please disclose it responsibly by contacting our security team directly.