Real-time status, data practices, privacy commitments, and responsible AI principles · all in one place.
All systems monitored 24/7. Incidents disclosed within 2 hours of detection with regular updates until resolution.
Core AI response pipeline and widget delivery. No active incidents.
Workspace management, analytics, and live support console. Operational.
CRM, ERP, and third-party webhook delivery. All connectors healthy.
Login, session management, and SSO provider connections. No issues.
Knowledge base documents, media uploads, and export storage.
Outbound alerts, escalation notifications, and report delivery.
NIVA does not sell, rent, or use your data to train AI models without explicit consent.
We never sell or share your data or your customers' data with third parties for commercial purposes. Full stop.
Your conversation data, knowledge bases, and business information are never used to train foundation AI models.
We support access, portability, correction, and deletion requests. DPA available for GDPR-covered processing.
Enterprise customers can choose their primary data region. Data stays within the agreed geography for storage and processing.
Set your own conversation retention period. Data deleted on schedule with cryptographic erasure confirmation available.
In the event of a data breach affecting your account, we notify you within 72 hours as required by GDPR and applicable laws.
All subprocessors are vetted, contractually bound to data protection obligations, and reviewed annually.
| Provider | Purpose | Category | Data Region |
|---|---|---|---|
| Amazon Web Services | Cloud infrastructure and hosting | Infrastructure | US / EU |
| Google Cloud Platform | ML infrastructure and storage | Infrastructure | US / EU |
| Anthropic / OpenAI | Foundation AI model inference | AI Provider | US |
| Stripe | Payment processing | Payments | US |
| SendGrid / Postmark | Transactional email delivery | Communications | US |
| Cloudflare | CDN, WAF, and DDoS protection | Security | Global |
All P1 and P2 incidents publicly disclosed within 24 hours. Post-mortems published within 7 days of resolution.
Scheduled maintenance communicated at least 72 hours in advance via email and status page with estimated impact window.
All product changes, API version updates, and deprecation notices published in a versioned changelog before taking effect.
Annual penetration test summary available to enterprise customers under NDA. Compliance attestations on request.
30-day notice before adding or replacing a subprocessor that processes personal data. Right to object included.
Privacy Policy and Terms of Service changes communicated at least 30 days before taking effect for existing customers.
NIVA is an AI product. We take our responsibilities around AI safety, fairness, and transparency seriously.
No hallucination amplification. NIVA is configured with grounding controls and knowledge-source constraints to minimize hallucination risk. Agents are instructed to express uncertainty rather than guess.
Human-in-the-loop escalation. Every NIVA deployment supports live agent escalation. Customers can configure automated topics that always route to a human.
Harmful content filtering. Built-in guardrails prevent generation of illegal, harmful, or policy-violating content. Administrators can configure additional domain restrictions.
Bias monitoring. We monitor response patterns and flag anomalies. Customers have access to conversation analytics to audit agent behavior at scale.
Transparency with end users. NIVA agents are designed to disclose AI involvement when asked. We do not support impersonation of human agents without explicit disclosure.
Request our full compliance documentation, DPA, or security questionnaire through our contact form.