Your session has been flagged for unusual activity.
Please confirm you're human to continue.
MultipleChat connects you to the world's leading AI models without compromising your data. We don't train on your content, we encrypt it in transit and at rest, and we are transparent about exactly how it flows through the system.
Architecture
Every request passes through independent layers of protection. A failure in one does not expose the others.
A Web Application Firewall (WAF), DDoS mitigation, bot management, rate limiting, and TLS termination at the network edge — before any request reaches our infrastructure.
Identity is managed by Auth0, a specialist provider — with multi-factor authentication support, brute-force and credential-stuffing protection, anomaly detection, and session management. We never store passwords in plaintext.
Application logic runs on Microsoft Azure (United States), with HTTPS forced via HSTS, a Content Security Policy, CSRF protection, server-side rate limiting, input sanitization, and secure same-site session cookies.
All data at rest is encrypted with AES-256. Access is controlled by role-based access policies, and access is logged and auditable.
Queries to AI providers travel over TLS-encrypted channels using their commercial API endpoints, under agreements that exclude your data from model training.
All card processing is handled by Stripe at PCI-DSS Level 1, the highest level of certification. MultipleChat never sees or stores full card numbers, CVV codes, or bank details.
Your conversations, documents, and uploaded files are never used to train or fine-tune any AI model — not by MultipleChat, and not by the providers we route to. This is contractual, not just policy: we use commercial API agreements with Anthropic, OpenAI, Google, Mistral, Perplexity, and xAI that exclude customer data from training.
Providers do not retain your data beyond the time needed to generate a response. See exactly what each provider does in our Privacy Policy.
Data flow
Encrypted over TLS to MultipleChat. Your conversation is stored so you can access your history — and deleted whenever you choose.
Sent over an encrypted API to the provider you selected, under agreements that prohibit using your data for training.
Returned to you over TLS. Not sold, not shared for advertising, not used for profiling. Yours.
Compliance & certifications
We build on providers that hold their own audited certifications: Microsoft Azure (ISO 27001, SOC 2), Cloudflare (SOC 2, ISO 27001), Stripe (PCI-DSS Level 1), and Auth0/Okta (SOC 2, ISO 27001).
MultipleChat is not yet independently SOC 2 certified. Our architecture is designed to align with SOC 2 principles, and enterprise customers can request our current security documentation.
Operated by NLP GmbH, a Swiss company. We comply with the Swiss Federal Act on Data Protection (FADP, revised 2023), the GDPR, UK GDPR, and CCPA/CPRA. International transfers are governed by EU Standard Contractual Clauses.
In the event of a qualifying personal-data breach, we notify the relevant supervisory authority and affected users in line with GDPR Articles 33 and 34.
We welcome responsible disclosure. If you believe you've found a security issue, report it privately and give us reasonable time to fix it before any public disclosure. Please don't access or modify other users' data while testing.
Security questions
No. Your conversations and documents are never used for training. We use commercial API agreements that prohibit providers from using your data for training or model improvement.
On Microsoft Azure infrastructure in the United States. Data is encrypted in transit and at rest. For users in the EU, UK, and Switzerland, transfers to the US are governed by EU Standard Contractual Clauses.
Authentication is handled by Auth0 (Okta), which supports multi-factor authentication and protects against brute-force and credential-stuffing attacks. Passwords are never stored by us in plaintext.
Not yet independently. Our infrastructure providers (Azure, Cloudflare, Stripe, Auth0) hold SOC 2 / ISO 27001 / PCI-DSS certifications, and our architecture is built to align with SOC 2 principles. Enterprise customers can request our current security posture documentation.
Enterprise teams can request our DPA, sub-processor list, and security documentation. See the full picture in our Trust Center.
Continue learning
See the AI subscription that replaces separate ChatGPT, Claude, Gemini and Grok accounts.
Multi-model AIRun the same prompt through ChatGPT, Claude, Gemini and Grok before trusting one answer.
GuideChoose the best model for writing, research, coding, documents, images and business work.
Buyer intentOne app for several frontier AI models, side-by-side comparison and model collaboration.
PlatformA professional workspace for using several AI models, comparing answers and creating deliverables.
Core conceptUse several frontier models together for stronger answers and fewer blind spots.
ComparisonCompare several AI answers side by side when the output matters.
WorkflowBuild a professional AI stack for documents, research, writing, images and automation.
Free toolsStart with free tools, then upgrade when multi-model workflows save real time.