Built so we can't read your messages.
Most support tools can read every conversation you run through them. Viewbot is built the other way around: turn on zero-access and your conversations are encrypted to a key only your team holds. This page explains exactly how — and, just as importantly, where the honest limits are.
Last updated: June 2026
The security model
Viewbot offers three levels of protection. Every account gets encryption in transit and at rest. Teams that need more can turn on zero-access encryption, and our website chat widget is end-to-end encrypted.
| Level | What it means | Who holds the key |
|---|---|---|
| Encrypted at rest | All message data is encrypted in our database with per-tenant keys. A stolen database backup is useless without the key. | Viewbot (per-organization) |
| Zero-access | Messages are sealed to your organization's public key the moment they arrive. We store ciphertext we cannot open. | You only |
| End-to-end (web widget) | Messages are encrypted in the visitor's browser and decrypted only on your agents' devices. Our servers relay sealed data. | You + the visitor |
Chain of custody — the honest version
We don't overstate this, because the people evaluating us check. On third-party channels (WhatsApp, Telegram, Instagram, Messenger), the provider decrypts and processes messages before they ever reach us — that is true for every tool in our category, and no vendor can change it. What we control is our own link in the chain, and there we reduce stored, readable data to zero.
| Link | Sees message content? | Whose responsibility |
|---|---|---|
| Provider transport (e.g. WhatsApp) | Encrypted in transit by the provider | The provider |
| Provider platform (e.g. Meta Cloud API) | Yes — processes & briefly retains | The provider, under your agreement with them |
| Viewbot (zero-access org) | Milliseconds in memory at ingest; never stored readable | Us — this is our guarantee |
| Viewbot web widget | Never — end-to-end encrypted | Us — blind relay |
In short: with any competitor, two links can read your conversations. With Viewbot in zero-access mode, only one — the provider you already chose — and on our own web widget, none.
Encryption details
Keys
- Each organization has its own key. In zero-access mode the keypair is generated in your browser; the private key never reaches our servers.
- The private key is wrapped with a recovery code shown once, or unlocked with a passkey on supported devices. We store only the wrapped form, which we cannot open.
- At-rest encryption uses per-tenant data keys (envelope encryption), wrapped by a master key held in a managed key service.
Algorithms
- Message sealing: X25519 key agreement → HKDF-SHA-256 → AES-256-GCM authenticated encryption.
- At-rest fields: AES-256-GCM. Key wrapping: AES-256-GCM with per-key random salts.
- Modern, standard primitives only — no custom cryptography. A post-quantum upgrade path (hybrid X25519 + ML-KEM) is on our roadmap.
Recovery
Because only you hold the key, losing both your devices and your recovery code means encrypted history cannot be recovered — by you or by us. That is the point of zero-access, and we make the trade-off explicit when you enable it.
Data handling & minimization
- We minimize what we keep. We don't persist raw provider payloads beyond what's needed, and we don't store visitor IP addresses for the live map.
- Retention you control. Conversations, media and visitor records are purged on a schedule; sensitive fields carry a defined lifetime.
- No message content in logs. Our logs record metadata and lengths, never message bodies — enforced by an automated check in our build pipeline.
- AI is opt-in. In zero-access mode, AI never reads your messages unless you explicitly enable it; when on, content is processed in-flight and never stored in readable form.
Sub-processors
We use a small set of infrastructure providers (cloud hosting, real-time delivery, and the AI model provider you choose). A current list and a Data Processing Agreement are available on request for Enterprise evaluations.
Access & tenancy
- Every record is scoped to your organization; cross-tenant access is blocked and guarded by automated tests.
- Enterprise plans can use a dedicated database and bring their own encryption key.
- Role-based access, SSO/SAML and audit logs are available for Enterprise.
Responsible disclosure
If you believe you've found a security issue, we want to hear from you. Email security@viewbot.dev with details and steps to reproduce. We investigate every report and will keep you updated. Please don't access data that isn't yours or run tests that degrade service for others.
Talk to our security team
Evaluating Viewbot for a privacy-sensitive use case? Our security team will walk your team through the architecture, answer a questionnaire, and share what you need for diligence.