Security & data

Where your data lives, what's encrypted, and what's never sent off-site.

Data flow

When a user sends a message:

  1. Browser sends the message + page context to the DuggAI API.
  2. API authenticates the widget key, verifies the HMAC user hash (if identify is signed), and writes the conversation row to our database.
  3. The agent runs retrieval against your knowledge sources, decides what to do (reply, ask, hand off, escalate), and generates the customer-facing reply.
  4. Reply is sent back to the browser and stored on the conversation.

Identifiable data (user email, name, identifiers you pass via identify) is attached to the conversation. Discord follows the same flow with the bot in place of the widget. The Discord bot connects over a single server-side gateway token; we store your server (guild) ID, not per-user OAuth tokens.

Where data lives

Data | Storage | Encryption
Conversations & messages | Supabase (Postgres) | AES-256 at rest, TLS in transit
Knowledge source content | Supabase | AES-256 at rest
Vector embeddings | Supabase pgvector | AES-256 at rest
Public widget key | Supabase | Publishable key, safe to embed; stored as-is
Coding-agent keys (e.g. Cursor) | Supabase | Encrypted at rest (Fernet / AES-128)

Model providers

Replies are generated by large language models from Anthropic (primary) and OpenRouter (fallback and auxiliary models), called server-side. We never use your conversations to train models.

What we never do

  • Sell your data to anyone.
  • Use your conversations to train shared / public AI models.
  • Share data across DuggAI accounts.
  • Read user-typed message content for analytics — we look at metadata (latency, model, action chosen) only.

Access controls

  • Team roles — Owner, Admin, and Member. Invite teammates from Settings → Team.
  • Security audit log — the message classifier logs every message it blocks or escalates, with timestamps, under Settings → Security.

Keys & secrets

Each widget gets two values, issued together from Dashboard → Integrations:

  • Public widget key (duggsupp_pk_) — embedded in your install snippet's data-key attribute. It's a publishable key: scoped to one widget, rate-limited per visitor, and safe to commit to client code.
  • Signing secret — your org's HMAC secret, kept server-side. You use it to compute the HMAC-SHA256 hash you pass to DuggAI.identify, so the agent can trust the user is who they claim to be. Never ship it to the browser. See Identifying users.
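The signing step described above, as an added server-side example (not DuggAI's own code). It assumes the signed message is the user ID as UTF-8 and that the hash is hex-encoded; the exact input is defined in Identifying users. The environment variable name, the sample secret, and the user IDs are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample secret for the demo; a real deployment reads the
# signing secret from server-side configuration, never from client code.
DEMO_SECRET = "constructed-demo-secret-not-a-real-key"


def load_secret(env_var="DUGGAI_SIGNING_SECRET"):
    """Read the signing secret from the environment (variable name is hypothetical)."""
    secret = os.environ.get(env_var, "")
    if not secret:
        raise RuntimeError(f"{env_var} is not set; refusing to sign with an empty key")
    return secret


def compute_user_hash(secret, user_id):
    """HMAC-SHA256 over the user ID, hex-encoded (assumed input and encoding)."""
    if not secret or not user_id:
        raise ValueError("secret and user_id must be non-empty")
    mac = hmac.new(secret.encode("utf-8"), user_id.encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()


def verify_user_hash(secret, user_id, presented_hash):
    """What a receiving API does: recompute the hash and compare in constant time."""
    # compare_digest on str only accepts ASCII, so reject anything else up front.
    if not isinstance(presented_hash, str) or not presented_hash.isascii():
        return False
    expected = compute_user_hash(secret, user_id)
    return hmac.compare_digest(expected, presented_hash.strip().lower())


if __name__ == "__main__":
    user_id = "user_1842"  # constructed sample ID
    user_hash = compute_user_hash(DEMO_SECRET, user_id)
    print("hash sent alongside identify:", user_hash)
    print("same user verifies:", verify_user_hash(DEMO_SECRET, user_id, user_hash))
    # A browser that swaps in another user's ID cannot produce a matching hash.
    print("swapped ID verifies:", verify_user_hash(DEMO_SECRET, "user_0001", user_hash))
```

Only the resulting hash goes to the browser; the secret stays in the server process that renders the page or serves the session endpoint.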

If your widget key leaks, regenerate it from Dashboard → Integrations; the old key stops working immediately.

Compliance

  • SOC 2 — not yet certified. If you need our current security posture for vendor review, email support@duggai.com.
  • GDPR / CCPA — we honor data export and deletion requests. Email support@duggai.com for a DPA or any data request.

Enterprise requirements

Need a DPA or custom data handling for a vendor-security review? Those are handled on the Custom plan. Email support@duggai.com.

Deleting your data

Deleting your org wipes every conversation, knowledge source, embedding, and integration in a single cascade. For individual conversation or user-data deletion (e.g. honoring a GDPR request), email support@duggai.com.