Security
Automate Admits handles real conversations with real people, and we treat that data with care. This page explains the technical and organizational measures we use to protect it. Security is ongoing work, and we improve these practices over time.
Infrastructure
Automate Admits runs on Cloudflare's global edge platform. The application, storage, and database are operated through Cloudflare's network, which provides DDoS protection and a hardened, automatically patched runtime. Each customer organization's data is logically isolated within our multi-tenant database and scoped to that organization on every request.
Encryption in transit
All traffic to and from the Service is served over HTTPS/TLS. Requests made over plain HTTP are redirected to HTTPS. Communication with the third-party services we rely on (such as our AI provider, payment processor, and email provider) likewise takes place over encrypted connections.
Authentication & access
- Passwords are never stored in plain text. They are kept only as a salted hash, so the original password cannot be recovered from our records.
- Sessions are maintained with a secure session cookie; we do not use advertising cookies.
- Least privilege. Access to systems and customer data is limited to the people who need it to operate and support the Service.
- Channel tokens used to send and receive messages on a connected Facebook Page or Instagram account are stored to operate the Service and can be revoked by disconnecting the channel at any time.
Webhook verification
Incoming messages from Meta platforms arrive through webhooks. We verify the signature on these requests before processing them, so we only act on payloads that genuinely originate from the platform.
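An illustration of this kind of check, added here and not Automate Admits' own code. It assumes Meta's documented `X-Hub-Signature-256` header (HMAC-SHA256 of the raw request body, keyed with the app secret) and Node's `crypto` module; the function names, secret and payload are constructed for the example.

```javascript
// Added example, not the Service's code. Names and sample values are hypothetical.
const crypto = require('node:crypto');

const PREFIX = 'sha256=';

// True only when the header carries a valid HMAC over the exact bytes received.
function verifyMetaSignature(rawBody, signatureHeader, appSecret) {
  if (typeof signatureHeader !== 'string' || !signatureHeader.startsWith(PREFIX)) {
    return false; // header missing, or not the expected algorithm prefix
  }
  const providedHex = signatureHeader.slice(PREFIX.length);
  if (!/^[0-9a-f]{64}$/i.test(providedHex)) {
    return false; // malformed digest; also guarantees equal-length buffers below
  }
  const expected = crypto.createHmac('sha256', appSecret).update(rawBody).digest();
  const provided = Buffer.from(providedHex, 'hex');
  return crypto.timingSafeEqual(expected, provided); // constant-time comparison
}

// Verify first, parse second: unauthenticated bytes never reach the JSON parser.
function handleWebhook(rawBody, headers, appSecret) {
  if (!verifyMetaSignature(rawBody, headers['x-hub-signature-256'], appSecret)) {
    return { status: 401, event: null };
  }
  try {
    return { status: 200, event: JSON.parse(rawBody.toString('utf8')) };
  } catch {
    return { status: 400, event: null };
  }
}

// Constructed sample input (not a real secret or a captured payload).
const SAMPLE_SECRET = 'constructed-app-secret';
const SAMPLE_BODY = Buffer.from('{"object":"page","entry":[{"id":"0","messaging":[]}]}');

// Helper that signs a body the way the sender would, used only to build samples.
function signSample(body, secret) {
  return PREFIX + crypto.createHmac('sha256', secret).update(body).digest('hex');
}
```

The HMAC is computed over the bytes as received, so a body that has been parsed and re-serialized before the check will fail verification even when its content is unchanged.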
AI processing
To generate automated replies, conversation content and your configured agent instructions are sent over encrypted connections to our AI provider (Anthropic) to produce a response. You control whether automated replies are enabled and can take over any conversation manually at any time. See our Privacy Policy for details on how message content is processed.
Subprocessors
We use a small set of vetted service providers to operate the Service, each under contractual confidentiality and security obligations:
- Cloudflare — application hosting, storage, and database.
- Anthropic — AI processing of message content to generate replies.
- Square — payment processing for customer subscriptions.
- Resend — delivery of transactional and service emails.
- Meta Platforms — to receive and send messages through Facebook and Instagram.
Data retention & deletion
We keep personal information only as long as it is needed to provide the Service, and then only as required for legitimate business or legal purposes. Customers can disconnect a channel at any time, and can request deletion of their account and associated data. End users can request deletion of their conversation data. Full details and contact addresses are in our Privacy Policy.
Your responsibilities
Security is shared. We recommend using a strong, unique password, limiting team access to those who need it, removing teammates promptly when they leave, and disconnecting channels you no longer use.
Reporting a vulnerability
If you believe you've found a security issue, please email hello@automateadmits.com with the details and steps to reproduce. We appreciate responsible disclosure and will work with you to confirm and address valid reports. Please don't access or modify other users' data, degrade the Service, or publicly disclose an issue before we've had a chance to fix it.