Security & Compliance — EIAAW AI Sales Agent

1. Service status

Target monthly uptime: 99.5% on paid plans. This is an operational target, not a contractual SLA. Material incidents affecting customer data are emailed to account owners within 24 hours. A dedicated status page is on our roadmap.

2. Data protection

Encryption in transit	TLS 1.2+ on all HTTPS endpoints; HSTS preload-eligible configuration
Encryption at rest	Provided by the hosting platform (Railway) and by each sub-processor (Stripe, Anthropic, Retell, Resend) under their respective security programmes. We do not operate our own storage layer.
Password hashing	`bcrypt` with cost factor 10; legacy SHA-256 hashes auto-upgraded on next login
Secrets at rest	Credentials (SMTP, Stripe, voice provider keys) stored encrypted in the `settings` table, decrypted only inside the server process
PII minimisation	Voice call transcripts are truncated to a 500-character preview server-side; full audio remains with the voice provider under their retention policy
Session handling	Opaque 32-byte `crypto.randomBytes` bearer tokens, expire 24h after issue and 30min idle

3. Access control

Least privilege by role: operator / manager / admin roles scoped via middleware on every route.
Row-level tenancy: leads, campaigns, and pipeline rows are joined on user_id; cross-tenant reads are blocked at the query layer.
Password reset: one-hour expiring tokens; all active sessions for the user are revoked on reset.
Idle lockout: 30-minute inactivity invalidates the session.
Engineering access to production data is restricted, logged, and used only to respond to incidents or explicit support requests.

4. Application security

Parameterised SQL queries throughout — no string-concatenated SQL.
Input validation on every API route; output encoding in the UI.
OWASP Top 10 threat model applied during design; IDOR tests on every owner-scoped resource.
Static files served with maxAge: 0 and ETag so security-relevant changes take effect on next request.
Dependencies are monitored for CVEs. Target patching windows: critical advisories within 7 days of a fix being available, high severity within 30 days. Targets, not contractual SLAs.

5. Network & headers

HTTPS	Forced on all public endpoints; HTTP redirects 301 to HTTPS
CSP	Restrictive Content Security Policy via Helmet — script, style, image, and connect sources are explicitly allow-listed
CORS	Origin allow-list: `sa.eiaawsolutions.com`, the Railway production domain, and local development; `credentials: true`
CSRF	Bearer-token authentication on state-changing endpoints, plus Origin-header check for cookie-bearing calls
Clickjacking, MIME sniffing, Referrer-Policy	Applied via Helmet's default hardened header set (including `X-Frame-Options`, `X-Content-Type-Options: nosniff`, and a restrictive `Referrer-Policy`). We do not override the defaults.

6. Rate limiting

General API	120 requests / minute / IP
Login endpoint	10 attempts / 15 minutes / IP — defends against credential stuffing
AI agent endpoints	10 requests / minute / authenticated user
Outbound email (per user)	3 / minute — protects sender reputation
Monthly quotas	Enforced per plan for leads, campaigns, AI actions, voice calls, contact reveals

7. AI safety & OWASP LLM Top 10

The Service relies on Anthropic's Claude models for lead scoring, qualification, and copy generation. We align to the OWASP LLM Top 10 (2024):

Risk	Control
LLM01 Prompt injection	System prompts are fixed server-side; user input is clearly delimited; tool use is whitelisted; outputs are treated as untrusted data
LLM02 Insecure output handling	LLM outputs are sanitised before display; never executed as code; voice tool-callbacks are validated server-side
LLM03 Training-data poisoning	We do not fine-tune; we use Anthropic's hosted models only
LLM04 Model DoS	Per-user rate limits + per-campaign and per-account budget ceilings (USD); requests abort when budget exceeded
LLM05 Supply-chain	Only Anthropic's official SDK; pinned versions; CVE monitoring
LLM06 Sensitive info disclosure	Customer context is scoped per user; no cross-tenant context leakage; AI cost log stores token counts, not message bodies
LLM07 Insecure plugin design	Tool calls (`send_overview`, `schedule_meeting`, etc.) validate inputs, check the caller's ownership, and never execute arbitrary code
LLM08 Excessive agency	Human approval required for outbound messages; AI cannot send unapproved email or change billing without explicit user action
LLM09 Overreliance	UI surfaces AI outputs as suggestions, with explicit "review before send" affordances; model rationale is shown alongside scores
LLM10 Model theft	Not applicable — we do not host model weights

No training on your data by us. We do not fine-tune models on Customer Data and we do not sell, publish, or share Customer Data beyond the sub-processors required to deliver the Service. Data sent to Anthropic is processed under their published API terms — see Privacy §5.

8. Email security

Primary delivery via Resend; SMTP fallback uses TLS connections.
Bounce and complaint feedback from Resend is ingested at /api/tracking/webhook and used to update lead engagement state.
Customer commitment: customers using their own sending domain are responsible for configuring SPF, DKIM, and DMARC records so that outbound mail is authenticated. We publish a setup guide and will not enable a custom domain until the records validate.
Every outreach template must include a working unsubscribe link (see Terms §6).

9. Voice security

Voice calls are placed and recorded via Retell AI. Transport is encrypted end-to-end between Retell's infrastructure and our application.
Call links shared with prospects are single-use and expire after 24 hours (prospect-initiated) or 7 days (outbound invite).
Transcript previews stored in our database are capped at 500 characters; full audio remains with Retell subject to their retention policy.
The AI agent discloses its nature at the start of each call where local law requires.

10. Infrastructure

Hosting: Railway (US-West region), containerised deployment, managed TLS.
Data store: managed SQLite / Postgres on Railway with encryption at rest.
Build isolation: each deploy is an immutable container image; only the running container has access to production secrets, which are injected at runtime.
Source control: GitHub with protected main branch; deploys require manual trigger (railway up).
Logs: structured application logs. Retention and redaction follow our hosting provider's defaults; we do not write passwords, session tokens, payment card data, or AI message bodies to application logs.

11. Backup & disaster recovery

Database backups: we rely on the backup programme of our hosting provider (Railway). Retention, cadence, and restore procedures follow Railway's operational controls for the plan tier we are on.
Our target Recovery Time Objective (RTO): 4 hours for a full-region outage. This is a target, not a contractual guarantee.
Our target Recovery Point Objective (RPO): 24 hours.
Restore-test commitment: we commit to exercising restore procedures against a staging database at least once per year, and to publishing a summary of the test outcome.

12. Compliance alignment

We design the Service to align with the frameworks below. Unless explicitly noted otherwise, these are design-alignment statements, not third-party certifications.

Malaysia PDPA 2010 — Notice & Choice, data subject rights, and sub-processor transparency reflected in our Privacy Policy.
EU GDPR — design-aligned: lawful basis, data subject rights, processor transparency, and reliance on sub-processors' Standard Contractual Clauses for cross-border transfers.
UK GDPR & PECR — equivalent treatment for UK residents; we do not set tracking cookies on public pages, so a cookie banner is not required.
CAN-SPAM (US), CASL (Canada), Spam Act 2003 (Australia) — obligations passed through to the customer as the sender, and reinforced by Terms §6.
TCPA (US) & equivalent voice-calling laws — the customer is the caller of record; the Service assists with compliance but does not replace the customer's due diligence.
PCI-DSS — card data is never handled by our servers. Stripe tokenises at source; our environment is in SAQ-A scope.
OWASP ASVS L2 & OWASP Top 10 — guiding baselines for our application security work.
EU AI Act — we classify the Service as a limited-risk generative AI system. We meet the transparency and human-oversight expectations of Art. 50 by (a) disclosing AI origin to recipients where required, (b) requiring human approval for outbound actions by default, and (c) logging AI actions.
SOC 2 Type I — roadmap target: we intend to pursue SOC 2 Type I readiness. A completion date will be published once scoping is finalised. This is an objective, not an achieved certification.

13. Incident response

We follow a published response policy with the commitments below. These are the response targets we operate against; they are not contractual SLAs unless stated in a signed order form.

Detection: we monitor platform alerts for elevated error rates, authentication anomalies, and sub-processor webhook failures.
Triage target: an incident owner takes charge within 30 minutes of a confirmed issue during business hours (Kuala Lumpur, UTC+8), within 2 hours outside business hours.
Customer notification commitment: account owners notified within 24 hours where their data is materially affected.
Regulator notification: within 72 hours where required under GDPR Art. 33 or equivalent law.
Post-mortem commitment: a written root-cause analysis is shared with affected customers within 14 days of resolution.

14. Responsible disclosure

Found a vulnerability?

We welcome coordinated disclosure from security researchers. If you believe you have found a security issue in EIAAW SalesAgent, please email [email protected] with:

A description of the issue and its impact;
Reproduction steps or a proof of concept;
Your contact details for follow-up.

We commit to: acknowledging your report within 72 hours, providing a triage decision within 7 days, and keeping you informed through remediation. We will not pursue legal action against researchers acting in good faith within this policy (no data exfiltration, no disruption of service, no social engineering of our staff or customers).

15. Sub-processors

See the Privacy Policy §6 for the full, current list of sub-processors. We notify account owners by email at least 30 days before onboarding a new sub-processor that processes Customer Data.

16. Contact

Security, compliance, or trust enquiries:

EIAAW SOLUTIONS (SSM Reg. No. 202603133419 / CT0164540-H)
Kuala Lumpur, Malaysia
Email: [email protected]

Built with the controls a sales team needs.

TLS 1.2+ in transit

bcrypt + bearer tokens

Human-in-the-loop

Rate-limiting everywhere

1. Service status

2. Data protection

3. Access control

4. Application security

5. Network & headers

6. Rate limiting

7. AI safety & OWASP LLM Top 10

8. Email security

9. Voice security

10. Infrastructure

11. Backup & disaster recovery

12. Compliance alignment

13. Incident response

14. Responsible disclosure

Found a vulnerability?

15. Sub-processors

16. Contact