Donkey Chats

Overview

At Donkey Chats, we maintain bank-level security standards to protect sensitive therapeutic communications and training materials. Our robust security infrastructure is designed to serve therapy training clinics, universities, therapy clinics, and individual users with the highest level of data protection.

We understand the critical nature of therapeutic communications and take our responsibility to protect your data seriously. Our security measures exceed industry standards and are regularly audited to ensure the highest level of protection.

How We Protect Your Data

For Our Users

Your communications are protected using the same level of encryption that banks use. Every message, training session, and piece of personal information is securely encrypted and stored in a way that even our administrators cannot directly access the content.

We implement multiple layers of security to ensure your data remains private and secure:

Secure authentication and session management
Regular security updates and patches
Strict data access controls
Comprehensive audit trails

Technical Specifications

Encryption Standards

•Database Encryption: AES-256 encryption at rest
•Transport Security: TLS 1.3 with perfect forward secrecy
•Real-time Communications: End-to-end encryption for live sessions

Security Protocols

•HTTPS-only access with HSTS enforcement
•WebSocket connections secured with WSS protocol
•Regular penetration testing and vulnerability assessments

Access Control

We implement strict role-based access control with granular permissions and data access patterns. Our system ensures that sensitive data remains protected while allowing necessary access for development and maintenance.

User Roles & Permissions

•
Developers:
- - Full API-layer access in development environments
- - Access limited to synthetic/fake data during development
- - Temporary access to real (production) data during supervised dry runs
- - No direct database access in production
- - All debug access is logged and time-limited
•
Administrators:
- - Database-layer access for system maintenance
- - Cannot decrypt or read protected user content
- - Access to system metrics and logs
- - Ability to manage user accounts and permissions
- - All administrative actions are logged
•
Clinical Supervisors:
- - Access to assigned training sessions
- - Ability to review and evaluate sessions
- - Cannot access unassigned clinical data
•
Therapists:
- - Access to own client communications
- - Access to personal session records
- - Cannot access other therapists' client data
•
Clients:
- - Access to personal session data only
- - Cannot access other clients' data
- - Control over their data sharing preferences

Data Access Patterns

Development Environment

• Isolated from production data
• Uses synthetic data for testing
• Mimics production encryption patterns
• Separate authentication system

Production Environment

• End-to-end encryption for sensitive data
• Role-based access enforcement
• Comprehensive audit logging
• Time-limited elevated access

Data Protection

• Protected data encrypted at rest
• Separate encryption keys per environment
• Regular access reviews
• Automated access monitoring

Infrastructure Security

Cloud Infrastructure

•Hosted on secure cloud infrastructure, built on AWS
•Automated OS-level security patches and platform updates
•SSL/TLS encryption with automatic certificate management
•Built-in DDoS protection and firewall services

Database Security

•Managed Postgres database with continuous protection
•Regular automated backups
•Data encryption at rest and in transit
•Isolated database instances for enhanced security

Monitoring & Maintenance

•Real-time application metrics and logging
•Proactive platform maintenance and updates
•Automated health checks and alerts

Donkey Chats Security Policy