Security & data
Where your data lives, what's encrypted, and what's never sent off-site.
Data flow
When a user sends a message:
- Browser sends the message + page context to the DuggAI API.
- API authenticates the widget key, verifies the JWT (if identify is signed), and writes the conversation row to our database.
- The agent runs retrieval against your knowledge sources, decides what to do (reply, ask, hand off, escalate), and generates the customer-facing reply.
- Reply is sent back to the browser and stored on the conversation.
Identifiable data (user email, name, identifiers you pass via identify) is attached to the conversation. Discord follows the same flow with the bot in place of the widget.
Where data lives
| Data | Storage | Encryption |
|---|---|---|
| Conversations & messages | Supabase (US regions) | AES-256 at rest, TLS in transit |
| Knowledge source content | Supabase | AES-256 at rest |
| Vector embeddings | Supabase pgvector | AES-256 at rest |
| API keys | Supabase, hashed | SHA-256 hash; raw key shown once |
| Discord OAuth tokens | Supabase, encrypted | Per-row encryption with KMS |
Model providers
Replies are generated through OpenRouter with prompt logging and training opt-ins disabled. The underlying providers retain only request metadata (timestamps, token counts) — not prompts or completions.
What we never do
- Sell your data to anyone.
- Use your conversations to train shared / public AI models.
- Share data across DuggAI accounts.
- Cross-pollinate clusters: your bug intelligence is built only from your conversations.
- Read user-typed message content for analytics — we look at metadata (latency, model, action chosen) only.
Access controls
- Team roles — Owner, Admin, Member, Viewer. Granular permissions for billing, agent settings, and conversation access.
- Channel scoping — Members can be restricted to specific Discord channels or widget projects.
- Audit log — every settings change, take-over, and deletion is logged with actor + timestamp. Pro plan and above.
Keys & secrets
Each widget gets two values, issued together from Dashboard → Integrations:
- Public widget key (duggai_pk_) — embedded in your install snippet's data-key attribute. Scoped to one widget, rate-limited per visitor, safe to commit.
- Webhook secret — shown once on key creation. Used server-side to compute the HMAC-SHA256 hash you pass to DuggAI.identify, so the agent trusts the user is logged in. Never ship this to the browser.
If either leaks, rotate from Dashboard → Integrations → Rotate key; the old pair is revoked immediately.
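A server-side sketch of the identity hash described above, added here as an illustration and not DuggAI's own code. It assumes the HMAC message is the UTF-8 user id and the digest is hex-encoded (the page does not state either); the function names, payload field names, and secret value are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed placeholder. The real webhook secret is shown once at key creation;
# load it from server-side configuration, never from anything sent to the browser.
WEBHOOK_SECRET = b"constructed-example-secret"


def identity_hash(user_id: str, secret: bytes = WEBHOOK_SECRET) -> str:
    """HMAC-SHA256 keyed with the webhook secret.

    Assumption: the signed message is the UTF-8 user id and the result is
    hex-encoded. The page does not state the exact input or encoding.
    """
    if not user_id:
        raise ValueError("refusing to sign an empty user id")
    return hmac.new(secret, user_id.encode("utf-8"), hashlib.sha256).hexdigest()


def identify_payload(user_id: str, secret: bytes = WEBHOOK_SECRET) -> str:
    """JSON handed to the page for the identify call (field names hypothetical).

    Only the id and its hash leave the server; the secret stays behind.
    """
    return json.dumps({"userId": user_id, "hash": identity_hash(user_id, secret)})


def verify_identity(user_id: str, presented: str, secret: bytes = WEBHOOK_SECRET) -> bool:
    """What a verifier holding the same secret does: recompute, then compare
    in constant time so a mismatch does not leak how many characters matched."""
    if not user_id or not isinstance(presented, str):
        return False
    expected = identity_hash(user_id, secret)
    return hmac.compare_digest(expected.encode("ascii"), presented.encode("utf-8"))


if __name__ == "__main__":
    good = identity_hash("user_1842")  # constructed sample user id
    print(identify_payload("user_1842"))
    print("genuine id:", verify_identity("user_1842", good))
    print("swapped id:", verify_identity("user_0001", good))  # hash is bound to the id
    print("after rotation:", verify_identity("user_1842", good, b"new-secret"))
```

Because the hash is bound to both the user id and the secret, a hash issued for one user does not validate for another, and hashes issued before a key rotation stop validating once the old pair is revoked.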
Compliance
- SOC 2 Type II — in progress, expected mid-2026.
- GDPR — DuggAI supports user data export and deletion requests via the API. Email support@duggai.com for DPA.
- CCPA — same posture as GDPR.
Deleting your data
Account deletion wipes every conversation, knowledge source, embedding, and integration token. Users can also request individual conversation deletion via POST /api/v1/conversations/:id/delete — useful for honoring user-initiated deletion requests.