Security approach
A practical overview of how AICentral is being designed to protect platform access, client information and website conversations.
Credentials stay central
The OpenAI API connection and core business logic run on AICentral servers. A client website receives only a public widget key and the widget script.
Separated client data
Every widget, knowledge base, conversation, lead and workspace is associated with a specific client business record.
Approved domains
A client widget key is checked against the website domains approved in that client workspace before the widget API responds.
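One way to implement the approved-domain check described above, shown as an added example and not AICentral's own code. The key format, the `APPROVED_DOMAINS` table, the function names, the HTTPS-only rule and the acceptance of subdomains are all assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample data (assumption): widget key -> domains approved
# in that client's workspace.
APPROVED_DOMAINS = {
    "wk_demo_123": {"example.com", "shop.example.org"},
}


def origin_host(origin_header):
    """Return the lowercase hostname from an Origin header, or None if unusable."""
    if not origin_header or origin_header == "null":
        return None  # missing header, or an opaque origin (sandboxed frame, file://)
    try:
        parts = urlsplit(origin_header)
    except ValueError:
        return None  # malformed value, e.g. an unterminated IPv6 literal
    if parts.scheme != "https" or not parts.hostname:
        return None
    # A real Origin is scheme://host[:port] and nothing else.
    if parts.path or parts.query or parts.fragment or parts.username:
        return None
    return parts.hostname  # urlsplit already lowercases the hostname


def widget_request_allowed(widget_key, origin_header):
    """True only if the key exists and the Origin host is approved for that key."""
    approved = APPROVED_DOMAINS.get(widget_key)
    host = origin_host(origin_header)
    if approved is None or host is None:
        return False
    # Exact match, or a true subdomain on a "." boundary. A plain suffix or
    # substring test would also accept evil-example.com or example.com.evil.net.
    return any(host == d or host.endswith("." + d) for d in approved)
```

The `Origin` header is set by browsers, and a non-browser client can send any value, so this check limits where a widget key works in a browser and sits alongside the rate limits and allowances rather than replacing them.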
Usage and abuse controls
The platform applies visitor-message rate limits, monthly conversation allowances and protected server-side API requests.
Separate owner and client access
Owner administration and client workspaces are separate. Client queries are scoped to their own business account.
Operational safeguards
Queued email, configurable retention, activity logging and regular backups are important parts of a secure live deployment.
Security is a process, not a label.
No internet service can promise perfect security. AICentral’s goal is to use sensible technical and operational safeguards, limit unnecessary collection, keep core credentials private, maintain clear access boundaries and respond to issues responsibly.
Before the full platform launches, hosting, backups, database access, email delivery, API credentials, retention settings, incident response and customer agreement wording should be reviewed for the production environment.