emi chat
México · LFPDPPP

Enterprise-grade security and privacy

Multi-layer protection for your business and customer data. Military-grade encryption, Mexican legal compliance and built-in fault tolerance from day one.

Encryption & Protection

Every sensitive piece of data is encrypted, masked and verified before being stored or processed.

AES-256-GCM Encryption

  • AES-256-GCM for all credential columns at rest
  • Meta tokens encrypted
  • Per-tenant data isolation on every query

PII / PCI Masking

  • Credit cards (Luhn validation) → ****-****-****-1234
  • CURP (national ID) → [CURP PROTECTED]
  • RFC (tax ID) → [RFC PROTECTED]
  • CLABE (bank account) → [CLABE PROTECTED]
  • 14 prompt injection patterns removed

Webhook Verification

  • Meta: HMAC-SHA256 with timing-safe comparison

Access Control

Robust authentication, rate limits and automatic failure recovery.

JWT Authentication

  • Tokens with 24-hour expiration
  • Per-tenant data isolation (every query filtered by tenantId)
  • Role-based control: owner vs. agent

Rate Limits

  • 100 requests per minute (global limit)
  • 5 login attempts per 15 minutes per IP
  • Automatic brute force attack protection

4 Circuit Breakers

Automatic opening on sustained failures, gradual recovery with backoff and health check every 5 minutes.

llmmetastripe

ARCO / LFPDPPP Compliance

Full compliance with Mexico's Federal Law on Protection of Personal Data Held by Private Parties. All 4 ARCO rights natively integrated.

Access

Give me all my data — automatic export as a signed URL.

Rectification

Correct my data — field-by-field correction.

Cancellation

Delete my data — anonymization of personal information.

Opposition

Stop processing my data — processing halt.

Additional Compliance

  • REPEP (national advertising exclusion registry) synced weekly
  • Spanish opt-in / opt-out keyword tracking
  • Legal campaign hours: 9 AM – 9 PM Mexico City
  • 20 business day SLA for ARCO requests