Enterprise-grade protection, built in
From access controls to audit logs, every layer of Conversion is designed to keep your most sensitive marketing data secure.
SOC 2 Type II certified · GDPR compliant
Trusted by teams migrating from
Marketo, Pardot, and HubSpot.
Your data, your control
Every feature is built with security as a constraint, not an afterthought. Ensure data stays protected with fine-grained permissions and enforceable multi-factor authentication.
SSO & SAML
Connect your identity provider and enforce SSO with SAML 2.0. Centralize authentication and let your team log in using the credentials they already have.
Role-based access control
Fine-grained RBAC with customizable roles, team-scoped permissions, and object-level access policies. Control what members can see and do across your entire workspace.
SCIM provisioning
Automate user provisioning and deprovisioning with SCIM. Sync team members directly from your identity provider so access stays up to date as your organization changes.
Audit logs
User actions and key events are logged with attribution so you can review who did what and when. Maintain visibility into activity across your workspace.
No model training on your data
Your data is never used to train AI models — by us or by the third-party model providers we use. All AI interactions are ephemeral and operate within strict data boundaries.
Encryption everywhere
All data is encrypted at rest using AES-256 and in transit via TLS 1.2+. Our infrastructure enforces encryption by default at the storage layer, and all connections to and from our services are secured with SSL/TLS.
Enterprise-grade from day one
Conversion meets the highest standards for data security and privacy, so your team can move fast without compromising compliance.
SOC 2 Type II
Independently audited controls for security, availability, and confidentiality. Reports available on request.
GDPR
Full compliance with EU data protection regulations, including data processing agreements, right to erasure, and breach notification.
CCPA
Consumer privacy rights honored by default. Opt-out mechanisms, data access requests, and deletion workflows built into the platform.
Common questions
Details on how we handle your data, respond to incidents, and meet compliance requirements.
No. Your data is never used to train AI models. Our AI features process your data ephemerally to generate outputs, and nothing is retained by model providers except what is necessary for preserving conversational context.
Yes. We provide our most recent SOC 2 Type II report to prospects and customers. Reach out to security@conversion.ai to request a copy.
When you delete data in Conversion, it is soft-deleted immediately and permanently purged from all systems, including backups, within 30 days. Upon contract termination, all customer data is deleted within 60 days, and we provide a certification of deletion upon request.
We follow a documented incident response plan with defined severity levels. Affected customers are notified within 72 hours of a confirmed breach, per our contractual obligations and GDPR requirements. Post-incident reports are shared with affected customers.
Yes. We support SAML 2.0 SSO with all major identity providers including Okta, Azure AD, Google Workspace, and OneLogin. SCIM-based user provisioning and deprovisioning is also available for identity providers that support it.
All sub-processors undergo a security review before onboarding and are re-evaluated annually. We maintain a public list of sub-processors available to all customers upon request to security@conversion.ai.
Ready to see it in action?
Talk to our team about how Conversion meets your security and compliance requirements.