Security & Privacy

Cheqpoint is built with enterprise-grade security as a first principle. We understand that AI actions involve sensitive data and high-stakes operations.

Verifying signatures

javascript

import crypto from 'crypto';

// Use your webhook secret from Settings -> Integrations
const signature = crypto
  .createHmac('sha256', process.env.CHEQPOINT_WEBHOOK_SECRET)
  .update(JSON.stringify(payload))
  .digest('hex');

if (signature !== headers['x-cheqpoint-signature']) {
  throw new Error('Unauthorized');
}

Data Residency

Cheqpoint stores all data in the London, UK region (AWS eu-west-2). We ensure that request payloads are only stored for the duration of your retention policy.

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. We use AWS KMS for managing encryption keys.

Authentication (Connection Keys)

Every AI Assistant is authenticated via a cryptographically secure Connection Key (cq_live_...).

Rotation: You can rotate keys instantly in the dashboard if a leak is suspected.
Scoping: Keys are scoped to specific AI Assistants and cannot be used to access other parts of your workspace.

Compliance

Cheqpoint is GDPR compliant and our infrastructure is SOC 2 Type II certified. We provide Data Processing Agreements (DPA) for Enterprise customers.