Customers
Pricing
Resources
Solo

Security at Solo

Keeping your codebase secure is our top priority. This page covers our security practices and policies.

Multiplying the impact of CX and development teams at the world's fastest growing companies

Loading...

Table of contents

  • Certifications and third-party assessments
  • Penetration test
  • SOC 2 Type II
  • Data Storage and Encryption
  • US-based Infrastructure
  • Encryption
  • Embeddings
  • Data in Transit
  • Offboarding and Data Deletion
  • AI model usage
  • Model usage
  • Preventing model training
  • Access and Permissions
  • SSO and Identity Management/IDP
  • GitHub OAuth
  • Slack
  • Admin Portal
  • Incident Management
  • Business Continuity

Certifications and third-party assessments

On an annual basis, Solo invites third party auditors to review our security and policies. This helps us maintain an objective view of our security posture.

Penetration test

Solo hires a third party to perform a penetration test on our infrastructure. This test is performed on an annual basis. The results of the test can be found in our Trust Center. Solo maintains a zero-tolerance policy for any severe, high, or medium risks found in the test.

SOC 2 Type II

Solo adheres to AICPA's SOC 2 Type II standards. This certification is performed on an annual basis by a third party auditor and in tandem with Vanta. The results of the certification can be found in our Trust Center.

Data Storage and Encryption

US-based Infrastructure

All production services and data are hosted on Heroku (security page) and Pinecone (security page). All data storage is located within the United States.

Encryption

Solo uses AES-GCM encryption via Rails Active Record Encryption, which provides authenticated encryption to ensure both confidentiality and integrity of your data.

Embeddings

Solo stores vector embeddings in Pinecone to power accurate question matching. These embeddings cannot be reverse-engineered into raw code, and no source code is stored in Pinecone. Pinecone encrypts all data at rest and in transit, giving an additional layer of protection to the limited data stored there.

Data in Transit

Solo uses HTTPS and TLS to secure all data in transit, and we enforce TLS 1.2 or higher across the platform. This ensures that only modern, secure cipher suites are allowed and that communication between clients and Solo maintains strong encryption and protection against known vulnerabilities.

Offboarding and Data Deletion

Upon request, all data stored by Solo—both in Heroku and Pinecone—can be permanently deleted. For data sent to large language models (such as Gemini), Solo maintains zero-day retention agreements.

AI model usage

Model usage

We use Google Gemini. Only in some exceptions do we allow enterprise customers to bring their own models in.

Preventing model training

Customer data is not used to train Solo or any third-party models. This includes all code, metadata, questions, and Slack interactions.

Access and Permissions

Solo is designed to follow standard enterprise practices. This includes limiting access and following the principle of least privilege:

SSO and Identity Management/IDP

Solo supports Google authentication, enabling users to log in through their organization's Google accounts. This leverages Google's secure SSO framework, strong password policies, and multi-factor authentication options, ensuring that identity verification meets enterprise standards.

GitHub OAuth

Solo authenticates through GitHub OAuth using read-only access. Solo can only read code and repository metadata in order to generate product knowledge. It cannot make commits, open pull requests, or modify your code in any way.

Slack

Solo operates only in Slack channels that your administrators approve, and interaction is limited to users in those channels. To respond accurately in threads, Solo must have access to the channel conversations it is deployed in. Direct messages are also supported when enabled. Administrators maintain complete control over Solo's access and permissions.

Admin Portal

Solo provides an implementation admin with access to its configuration portal, which includes granular roles and permissions that dictate what actions each user can take. Administrators can invite additional admins and manage user or channel level access through allow lists to maintain strong access controls.

Incident Management

Solo uses Rollbar for continuous, real time monitoring of system behavior. Errors or anomalies trigger automated alerts to the engineering team's Slack channel, ensuring fast triage and response.

During an incident:

  • The status page is promptly updated with the issue, duration, and affected users
  • A post mortem outlining root cause and remediation steps is published once resolved
  • Customers receive notification within 24 hours of identification, per Solo's SLA

Business Continuity

Solo is architected for high availability and rapid recovery:

  • Heroku provides automated daily backups and failover support
  • Code embeddings can be regenerated directly from source code if needed
  • Rollbar integration enables rapid detection and response to errors

Solo also maintains a formal Business Continuity and Disaster Recovery plan, which details how services are restored and maintained during disruptive events. This plan is available in our Trust Center.

Table of contents
  • Certifications and third-party assessments
  • Penetration test
  • SOC 2 Type II
  • Data Storage and Encryption
  • US-based Infrastructure
  • Encryption
  • Embeddings
  • Data in Transit
  • Offboarding and Data Deletion
  • AI model usage
  • Model usage
  • Preventing model training
  • Access and Permissions
  • SSO and Identity Management/IDP
  • GitHub OAuth
  • Slack
  • Admin Portal
  • Incident Management
  • Business Continuity

Certifications and third-party assessments

On an annual basis, Solo invites third party auditors to review our security and policies. This helps us maintain an objective view of our security posture.

Penetration test

Solo hires a third party to perform a penetration test on our infrastructure. This test is performed on an annual basis. The results of the test can be found in our Trust Center. Solo maintains a zero-tolerance policy for any severe, high, or medium risks found in the test.

SOC 2 Type II

Solo adheres to AICPA's SOC 2 Type II standards. This certification is performed on an annual basis by a third party auditor and in tandem with Vanta. The results of the certification can be found in our Trust Center.

Data Storage and Encryption

US-based Infrastructure

All production services and data are hosted on Heroku (security page) and Pinecone (security page). All data storage is located within the United States.

Encryption

Solo uses AES-GCM encryption via Rails Active Record Encryption, which provides authenticated encryption to ensure both confidentiality and integrity of your data.

Embeddings

Solo stores vector embeddings in Pinecone to power accurate question matching. These embeddings cannot be reverse-engineered into raw code, and no source code is stored in Pinecone. Pinecone encrypts all data at rest and in transit, giving an additional layer of protection to the limited data stored there.

Data in Transit

Solo uses HTTPS and TLS to secure all data in transit, and we enforce TLS 1.2 or higher across the platform. This ensures that only modern, secure cipher suites are allowed and that communication between clients and Solo maintains strong encryption and protection against known vulnerabilities.

Offboarding and Data Deletion

Upon request, all data stored by Solo—both in Heroku and Pinecone—can be permanently deleted. For data sent to large language models (such as Gemini), Solo maintains zero-day retention agreements.

AI model usage

Model usage

We use Google Gemini. Only in some exceptions do we allow enterprise customers to bring their own models in.

Preventing model training

Customer data is not used to train Solo or any third-party models. This includes all code, metadata, questions, and Slack interactions.

Access and Permissions

Solo is designed to follow standard enterprise practices. This includes limiting access and following the principle of least privilege:

SSO and Identity Management/IDP

Solo supports Google authentication, enabling users to log in through their organization's Google accounts. This leverages Google's secure SSO framework, strong password policies, and multi-factor authentication options, ensuring that identity verification meets enterprise standards.

GitHub OAuth

Solo authenticates through GitHub OAuth using read-only access. Solo can only read code and repository metadata in order to generate product knowledge. It cannot make commits, open pull requests, or modify your code in any way.

Slack

Solo operates only in Slack channels that your administrators approve, and interaction is limited to users in those channels. To respond accurately in threads, Solo must have access to the channel conversations it is deployed in. Direct messages are also supported when enabled. Administrators maintain complete control over Solo's access and permissions.

Admin Portal

Solo provides an implementation admin with access to its configuration portal, which includes granular roles and permissions that dictate what actions each user can take. Administrators can invite additional admins and manage user or channel level access through allow lists to maintain strong access controls.

Incident Management

Solo uses Rollbar for continuous, real time monitoring of system behavior. Errors or anomalies trigger automated alerts to the engineering team's Slack channel, ensuring fast triage and response.

During an incident:

  • The status page is promptly updated with the issue, duration, and affected users
  • A post mortem outlining root cause and remediation steps is published once resolved
  • Customers receive notification within 24 hours of identification, per Solo's SLA

Business Continuity

Solo is architected for high availability and rapid recovery:

  • Heroku provides automated daily backups and failover support
  • Code embeddings can be regenerated directly from source code if needed
  • Rollbar integration enables rapid detection and response to errors

Solo also maintains a formal Business Continuity and Disaster Recovery plan, which details how services are restored and maintained during disruptive events. This plan is available in our Trust Center.

Security Questions

For additional security questions or custom security requests, please contact anik@asksolo.ai.

Ready to Sign up?

Transform your team into product experts

Solo

Product

Chat-with-codeRelease notesDocumentationLinear deflectionIntegrations

Customers

Customer testimonials

Company

Trust centerKnowledge baseChange logStatus page
© 2026 Solo
Privacy PolicyTerms & ConditionsSecurity