Security, Privacy and Compliance at armincx
In our privacy policy, we explain in detail which personal data we collect, the reasons for doing so, and how we ensure the security of your information.
You can download the document in German here.
For the English version, download here.
armincx is used every day by e-commerce brands for customer communication. This page answers the most common questions our customers' IT and data protection teams ask about hosting, encryption, access control, backups, and audit logging.
Certifications and legal basis
ISO 27001 across all Chatarmin products. Your account manager can share the current certificate on request.
Data Processing Agreement (DPA) under Art. 28 GDPR, including TOMs and the full list of subprocessors — publicly available at chatarmin.com/dpa.
Documented concepts for permissions, backups, and logging exist in line with ISO 27001 requirements.
Where is my data stored?
Our entire production infrastructure runs in AWS eu-central-1 (Frankfurt). This covers API servers, workers, the managed Postgres database, object storage, and the secrets manager. Log aggregation (BetterStack) and monitoring are also hosted in EU regions. Data does not leave the EU.
How is data transmitted?
HTTPS and TLS 1.2+: All external traffic (frontend ↔ API, widget ↔ API, webhooks) runs exclusively over HTTPS. TLS is terminated by Cloudflare with a minimum of TLS 1.2, preferably TLS 1.3. HTTP requests are redirected to HTTPS server-side.
SFTP / SSH: SSH is used only internally for administrative server access (deployments). There is no customer-facing SFTP endpoint.
IPSec tunnel: We do not run an IPSec VPN to the customer. Data exchange happens through HTTPS APIs, webhooks, and OAuth integrations.
How is data encrypted?
At rest: We use AES-256 in two layers. Sensitive integration credentials (OAuth tokens, API keys, shop credentials) are additionally encrypted with AES-256-GCM at the application layer before they are written to the database. The managed Postgres instance and object storage are encrypted at rest with AES-256.
In transit: TLS 1.2+ via Cloudflare, preferably TLS 1.3.
Algorithms: We use AES-256-GCM, classified as state of the art under BSI TR-02102 and NIST SP 800-38D. XChaCha20 is not used.
How is multi-tenancy implemented?
Chatarmin is a multi-tenant SaaS application: shared application, shared database. Tenant separation is enforced via an organization_id column on every table and validated in every API route and service layer. Cross-tenant access is technically impossible.
What personal data is processed?
Processed data includes the name, email address, phone number, chat history, and support history of your end customers as well as account data of agents and admins. The legal basis is data processing under Art. 28 GDPR on the basis of the DPA.
Personal data is required in clear text for customer communication, so end-to-end tokenization is not feasible. On deletion requests under Art. 17 GDPR, the affected data is reliably anonymized or deleted. Internal references in logs and traces use opaque UUIDs only (org_xxx, ai_xxx, UUIDv7), so PII is largely avoided in log systems.
Who has access to my data?
Roles (RBAC): Configurable roles per organization: Admin, Basic, Support, and Custom. Administrative tasks are separated from standard user functions. Permissions are namespace-based and configurable per feature area.
MFA (admins and users): TOTP-based MFA, compatible with Google Authenticator, Authy, 1Password, and others. Admins can enforce MFA for the whole organization.
Logins: Standard login: email + password + MFA. Federated logins (Google, Apple, Microsoft) are not mandatory. Domain restriction and SAML/SSO are available in the enterprise setup.
Passwords: Stored only as salted hashes (bcrypt / argon2), never in clear text. Account sharing is forbidden by contract.
How are backups handled?
Daily backups of the production database, run automatically by Chatarmin and the managed database provider (AWS / Supabase, eu-central-1).
Point-in-time recovery over 7 days.
Object storage (file attachments) is versioned and replicated.
AES-256 for all backups at rest, transport via TLS.
You do not need to run your own backups — Chatarmin handles this as the cloud operator.
How do you protect the platform from attacks?
Cloudflare acts as reverse proxy and WAF in front of all publicly reachable infrastructure (API, widget, proxy). This includes rate limiting, bot management, and layer 3/4 and layer 7 DDoS protection.
How can I export or delete my data?
Self-service export: Tickets, contacts, messages, and attachments can be exported from the UI at any time.
End of contract: On request we provide a full data dump.
Deletion: All customer data is deleted within 30 days after the contract ends (Art. 17 GDPR).
What is logged?
We run end-to-end audit logging across the entire API layer. All authenticated requests are captured in a structured way via OpenTelemetry and persisted in BetterStack (EU).
Access (admin and user): userId, organizationId, IP, user agent, endpoint, and timestamp are logged for every request.
Settings and configuration changes: AI agent settings, channel settings, integrations, and role permissions: request payload, user, and timestamp are logged. Relevant tables include created_by, updated_by, created_at, and updated_at columns.
Database changes: Change data capture via Sequin provides a forensic, complete history of all database changes.
Retention: Tamper-evident, minimum 30 days, configurable up to 12 months.
