Architecture & hosting
Meir AI is hosted exclusively on infrastructure located in the European Union. No customer data leaves the EU.
Our app servers and databases run on ISO 27001 and SOC 2 Type II certified cloud providers. Backups are encrypted and stored in a separate EU region for resilience.
Encryption
- In transit: TLS 1.3 enforced on all communications (HTTPS, WhatsApp Business API, webhooks).
- At rest: AES-256 encryption on all stored data (PostgreSQL, S3-compatible storage, secrets).
- Keys are managed by a dedicated KMS with automatic rotation.
Authentication & access
All integrations use OAuth 2.0. No third-party passwords are ever stored. Tokens are encrypted in the DB and rotated regularly.
Internal admin access to infrastructure requires SSO and mandatory MFA, with a full audit log.
Multi-tenant isolation
Each customer has a logically isolated space. No data is shared across customers. Queries are filtered at the DB level by tenant ID. No cross-tenant leakage is possible.
AI models & privacy
Requests sent to AI models (OpenAI, Anthropic) go through their enterprise APIs under zero data retention contracts.
Your data is NEVER used to train models. Whisper transcriptions (voice notes) are deleted after processing.
Compliance & certifications
- GDPR compliant (EU 2016/679).
- SOC 2 Type II: certification in progress, expected Q4 2026.
- ISO 27001: 2027 roadmap.
- A DPA is available for all customers to sign on request: ilan@meir-ai.com.
Incident response
We commit to notifying any security incident affecting customer data within 72 hours, per GDPR Article 33.
Bug bounty program: report vulnerabilities to ilan@meir-ai.com.
Audit & logs
Every action executed by Meir AI is logged: who, what, when, on which tool. Audit logs are accessible to customers on Enterprise plans (Pro+ in beta).
Default retention: 12 months. Configurable to your policy.