🛡️
Session Flagged

Your session has been flagged for unusual activity.

You can try our app by searching for MultipleChat AI on Google and clicking the multiplechat.ai link to try it free.
Quick verification

Please confirm you're human to continue.


Security

Security built into every layer.

MultipleChat connects you to the world's leading AI models without compromising your data. We don't train on your content, we encrypt it in transit and at rest, and we are transparent about exactly how it flows through the system.

No training on your data Encrypted in transit & at rest Cloudflare edge protection PCI-DSS payments

Architecture

Defence in depth, from the edge to the database.

Every request passes through independent layers of protection. A failure in one does not expose the others.

Layer 1 · Edge

Cloudflare protection

A Web Application Firewall (WAF), DDoS mitigation, bot management, rate limiting, and TLS termination at the network edge — before any request reaches our infrastructure.

Layer 2 · Identity

Auth0 (Okta) authentication

Identity is managed by Auth0, a specialist provider — with multi-factor authentication support, brute-force and credential-stuffing protection, anomaly detection, and session management. We never store passwords in plaintext.

Layer 3 · Application

Hardened on Microsoft Azure

Application logic runs on Microsoft Azure (United States), with HTTPS forced via HSTS, a Content Security Policy, CSRF protection, server-side rate limiting, input sanitization, and secure same-site session cookies.

Layer 4 · Data at rest

Encrypted storage

All data at rest is encrypted with AES-256. Access is controlled by role-based access policies, and access is logged and auditable.

Layer 5 · AI providers

Encrypted model calls

Queries to AI providers travel over TLS-encrypted channels using their commercial API endpoints, under agreements that exclude your data from model training.

Layer 6 · Payments

Stripe, PCI-DSS Level 1

All card processing is handled by Stripe at PCI-DSS Level 1, the highest level of certification. MultipleChat never sees or stores full card numbers, CVV codes, or bank details.

Your data is never used to train AI models.

Your conversations, documents, and uploaded files are never used to train or fine-tune any AI model — not by MultipleChat, and not by the providers we route to. This is contractual, not just policy: we use commercial API agreements with Anthropic, OpenAI, Google, Mistral, Perplexity, and xAI that exclude customer data from training.

Providers do not retain your data beyond the time needed to generate a response. See exactly what each provider does in our Privacy Policy.

Data flow

From your message to your answer. Nothing else.

1

You send a message

Encrypted over TLS to MultipleChat. Your conversation is stored so you can access your history — and deleted whenever you choose.

2

We call the model

Sent over an encrypted API to the provider you selected, under agreements that prohibit using your data for training.

3

You get the answer

Returned to you over TLS. Not sold, not shared for advertising, not used for profiling. Yours.

Compliance & certifications

Honest about where we stand.

Our infrastructure providers are independently certified

We build on providers that hold their own audited certifications: Microsoft Azure (ISO 27001, SOC 2), Cloudflare (SOC 2, ISO 27001), Stripe (PCI-DSS Level 1), and Auth0/Okta (SOC 2, ISO 27001).

MultipleChat's own certification status

MultipleChat is not yet independently SOC 2 certified. Our architecture is designed to align with SOC 2 principles, and enterprise customers can request our current security documentation.

Data protection law

Operated by NLP GmbH, a Swiss company. We comply with the Swiss Federal Act on Data Protection (FADP, revised 2023), the GDPR, UK GDPR, and CCPA/CPRA. International transfers are governed by EU Standard Contractual Clauses.

Breach notification

In the event of a qualifying personal-data breach, we notify the relevant supervisory authority and affected users in line with GDPR Articles 33 and 34.

Found a vulnerability?

We welcome responsible disclosure. If you believe you've found a security issue, report it privately and give us reasonable time to fix it before any public disclosure. Please don't access or modify other users' data while testing.

Report an issue

Security questions

Does MultipleChat train AI models on my data?

No. Your conversations and documents are never used for training. We use commercial API agreements that prohibit providers from using your data for training or model improvement.

Where is my data hosted?

On Microsoft Azure infrastructure in the United States. Data is encrypted in transit and at rest. For users in the EU, UK, and Switzerland, transfers to the US are governed by EU Standard Contractual Clauses.

How is my login protected?

Authentication is handled by Auth0 (Okta), which supports multi-factor authentication and protects against brute-force and credential-stuffing attacks. Passwords are never stored by us in plaintext.

Is MultipleChat SOC 2 certified?

Not yet independently. Our infrastructure providers (Azure, Cloudflare, Stripe, Auth0) hold SOC 2 / ISO 27001 / PCI-DSS certifications, and our architecture is built to align with SOC 2 principles. Enterprise customers can request our current security posture documentation.

Questions about security?

Enterprise teams can request our DPA, sub-processor list, and security documentation. See the full picture in our Trust Center.

Continue learning

See paid plans