Security & Compliance

Official APIs only

Every channel integration uses the platform’s official, Meta- or Telegram-approved API — Instagram Graph API, WhatsApp Business Cloud API, Facebook Messenger API, Telegram Bot API. InboundPilot never uses scraping, browser automation, or unofficial workarounds to send or receive messages, so connecting InboundPilot does not put your business accounts at risk of platform bans.

Per-business data isolation

Each business’s conversations, leads, and knowledge base are isolated from every other business on the platform. Data access is scoped per account at every layer, including for the MCP server used by AI agents.

Reviewed knowledge, not free-form generation

The AI does not invent answers about your business. Qualifying questions are explicitly configured by you, and factual answers are drawn only from knowledge-base content you’ve reviewed and approved — see Knowledge Base and AI Lead Qualification.

Credentials

Platform access tokens (Meta, Telegram, WhatsApp, email) are stored encrypted and are never exposed to AI agents or end users.

Questions

For security questions not answered here, contact hello@inboundpilot.xyz.