Data protection
- Encryption in transit (TLS 1.2+) for dashboard and API traffic.
- Encryption at rest for stored transcripts and audit logs.
- Configurable retention for tickets and audit logs.
Note
For strict environments, combine shorter retention in Stavent with scheduled export to your own storage.
Access controls
Stavent supports least-privilege via roles, scoped tokens, and (optionally) SSO group mapping. Recommended controls:
- Require 2FA for workspace owners/admins.
- Rotate API tokens on a schedule.
- Restrict webhook endpoints by IP allowlist where possible.
Compliance
Stavent is designed to support common requirements (SOC 2, GDPR). Typical features include audit exports, data deletion requests, and access reviews.
Warning
Compliance is shared responsibility. Your configuration and downstream storage matter.
Incident response
Stavent provides workspace-level event timelines so you can reconstruct what happened during incidents. Pair this with external log storage for long-term investigations.