Trust & Security

Security

Last updated: 22 May 2026

We take the security of your data and your customers’ data seriously. This page explains how we protect it.

Data at rest

🔒

LUKS AES-256 encryption

All customer and conversation data is stored on a LUKS-encrypted volume using AES-256. The encryption key is held exclusively by NeverMissAMessage.

🇩🇪

EU data residency

All data is stored on servers located in Germany (Hetzner Nuremberg data centre), within the European Union.

Data in transit

🔐

TLS 1.2 / 1.3

All communications between your customers and the AI assistant, and between the assistant and your WhatsApp, are encrypted in transit using TLS.

✅

HTTPS enforced

Our website enforces HTTPS with HSTS headers. All HTTP requests are permanently redirected to HTTPS.

Infrastructure

🛡️

Firewall & access control

Server access is restricted by IP allowlist at both the cloud firewall and OS level. SSH access is limited to authorised IPs only.

🔄

Automated backups

Daily automated backups are taken of the server. Backups are retained for 7 days and are monitored for successful completion.

🔧

Security patching

Unattended security updates are enabled on the server. All software packages are kept up to date.

🚫

Brute-force protection

Fail2ban is active on the server, automatically blocking IPs that repeatedly fail authentication.

Application security

🤖

AI guardrails

The AI assistant operates under strict rules. It will not quote prices, confirm bookings, diagnose faults, or pretend to be human. It is configured to hand off anything sensitive to a real person.

🧱

Security headers

Our website is protected with HSTS, Content Security Policy, X-Frame-Options, X-Content-Type-Options, and Referrer-Policy headers.

🤖

Bot protection

Our signup form is protected by Cloudflare Turnstile to prevent automated abuse.

AI and data use

🚫

No AI training on your data

We do not use your data or your customers’ conversation data to train any AI model. Data sent to our AI provider (Groq) is processed in real time only and is not retained for training.

🔍

Customer data isolation

Each trade business’s configuration and customer data is isolated. No customer data is shared between businesses.

Reporting a security issue

If you believe you have found a security vulnerability in our service, please contact us immediately. We will investigate and respond promptly.

Email: contact@nevermissamessage.co.uk

For our full list of third-party processors, see our Subprocessors page. For data handling details, see our Privacy Policy.