Security Policy

UrsBot applies layered technical and organizational controls designed to protect customer data against unauthorized access, loss, misuse, and disruption.

Our security program includes secure development practices, role-based access controls, environment separation, and continuous monitoring of production systems.

Production infrastructure is restricted to authorized personnel with a business need and is protected through authentication, logging, and least-privilege access principles.

• Administrative access is limited and reviewed regularly.
• Sensitive secrets and credentials are managed separately from application code.
• System activity is logged to support investigations, auditing, and incident response.

We use encryption in transit and reasonable safeguards for data at rest where supported by our infrastructure providers. Backups and recovery processes are designed to support service continuity.

Customers are responsible for configuring their own chatbot content, retention settings, and connected systems in a way that matches their compliance obligations.

UrsBot maintains internal processes for identifying, triaging, containing, and remediating security incidents. When required by law or contract, affected customers will be notified within a reasonable timeframe after confirmation of a material incident.

Security concerns, vulnerability reports, and abuse reports can be submitted through our contact channel for prompt review by the team.