Security at Daros

Last updated: June 10, 2026

Demos carry your product story and your prospects’ details. Here’s how we protect both.

Infrastructure

• Hosted on enterprise cloud infrastructure with our primary data region in the EU (Frankfurt).
• All traffic encrypted in transit (TLS 1.2+); data encrypted at rest.
• Isolated service architecture — analysis, knowledge base, leads, and billing run as separate services with least-privilege access.

Application security

• Single-tenant data scoping per organization, enforced at the API layer.
• OAuth tokens for integrations stored encrypted (AES-256-GCM).
• Signed, expiring tokens for embedded demo sessions; demo access can be password-gated.
• Rate limiting and abuse monitoring on all public endpoints.

AI safety

• Demo agents answer from your content and knowledge base — with guardrails against prompt injection and off-topic drift.
• Microphone access in the widget is explicit opt-in, with a visible indicator.
• Your content is never used to train foundation models.

Payments

Card data is handled entirely by Stripe (PCI-DSS Level 1); Daros never stores card numbers.

Disclosure

Found a vulnerability? Email security@daros.ai — we acknowledge reports within 48 hours and keep you updated through resolution. Enterprise customers can request our security documentation and DPA via team@daros.ai.