Skip to content
Trust & security

Security Overview

Message Wizard is designed with security, data isolation, and privacy by default. This page explains our approach in plain English.

No AI training: customer emails, attachments and orders are never used to train public or shared AI models.

1) Overview

Message Wizard processes inbound sales emails to extract order data and generate structured orders. We treat customer data as confidential operational data and design controls around isolation, least privilege and secure-by-default infrastructure.

2) Hosting & Infrastructure

  • Hosted on Microsoft Azure (UK region where available for core workloads).
  • Network and physical security are provided by Azure’s data centre controls.
  • Managed services are patched and maintained as part of platform operations.

3) Tenant Isolation

Each customer is assigned a unique tenant ID. Data is logically isolated using tenant identifiers, including as a partition key in Cosmos DB. The application enforces tenant scoping for every request and data operation.

What this means

One customer cannot access another customer’s emails, orders or configuration because queries and storage partitions are tenant-scoped by design.

4) Encryption

  • In transit: TLS is used for connections to the application and supported integrations.
  • At rest: Azure storage encryption is enabled for stored data and backups.

5) Access Controls

  • Role-based access control (RBAC) within the app.
  • Least-privilege access to production services.
  • Administrative access is restricted to authorised personnel.

6) Logging & Monitoring

We monitor platform health and maintain logs to help detect incidents, diagnose issues and support customers. Logs are designed to minimise sensitive content where feasible.

7) AI & Data Handling

  • No AI training using customer emails, attachments or orders.
  • AI is used to extract order details and classify messages as part of service delivery.
  • Where configurable, data retention for model providers is disabled.

8) Retention & Deletion

Default retention for source emails and logs may apply (e.g., 90 days) unless configured otherwise. Customers can request deletion and we support retention configuration on request.

9) Incident Response

We investigate security incidents promptly and will notify affected customers where required by law or contract. Our goal is rapid containment, clear communication and corrective actions.

10) Compliance Position

Message Wizard is not currently certified to SOC 2 or ISO 27001. The platform is designed to align with the principles of these frameworks (security, availability, confidentiality and privacy), and we are happy to support reasonable customer security reviews.

11) Contact

Security questions? Email contact@msg-wiz.com.

Try Message Wizard with free credits

Start with 200 free email credits — no credit card required.

Get Started Free View pricing

Note: This page is informational and may be updated as the platform evolves. For contract-level terms, see the Terms, Privacy Policy and DPA.