Security

A brief security overview of the interchat.io service.

Hosting & Infrastructure

• Hosting provider: Heroku (running on AWS us-east-1, North Virginia, USA)
• Infrastructure isolation: Separate production and sandbox environments
• Network security: All connections enforced over HTTPS/TLS, with firewalls applied by Heroku/AWS

System Architecture

Overview of the InterChat architecture. We rely on Heroku Dynos for scalability. Messages are only processed in transit (not stored). Access tokens are stored securely in an encrypted database.

Data Security

• In transit: TLS 1.2/1.3 for all connections
• At rest: AES-256 encryption for Telegram Bot tokens, Telegram Account sessions, and Intercom user tokens
• Data minimization: No chat data is stored; only access tokens are retained
• Token lifecycle: Tokens are revoked automatically upon uninstall

Access Management

• Role-based access to production systems
• Limited to senior engineers only
• MFA/2FA enforced on all admin accounts

Monitoring & Logging

• Application and infrastructure logs collected
• Alerts configured for unusual activity
• Logs restricted to authorized staff only

Incident Response

• Process: Detection → Containment → Remediation → Notification
• Notification: Customers informed promptly if required by law
• Review: Post-incident analysis conducted to prevent recurrence

Operational Security

• Regular dependency updates and security patching
• Secure coding practices
• Backups handled by Heroku/AWS with standard recovery options

Compliance Roadmap

• Planning external penetration testing
• Evaluating certifications (e.g., ISO 27001, SOC 2)

Contact

For any security or privacy questions, please contact support@interchat.io.