Your source files are not public website assets.
Knowledge files are stored as private sources and processed into searchable chunks. Public visitors chat with the assistant; they do not browse or download your uploaded files.
Private sources, controlled answers, allowed domains
Built for controlled AI answers on your website.
aurochat is designed around private knowledge sources, grounded responses, allowed domains, server-side validation, and clear data deletion controls.
Answers should come from your knowledge base.
For business-specific questions, aurochat is designed to retrieve relevant knowledge before generating an answer. If there is not enough relevant information, the assistant can use a fallback message instead of guessing.
- Business answers are based on uploaded or added knowledge.
- The assistant can ask clarifying questions.
- Unknown answers can trigger lead capture.
- System prompts and internal metadata are not shown to visitors.
Security and data controls
Control where your widget works.
Each assistant has an allowed-domain list. The widget must validate the origin before a functional chat session is issued.
The widget does not expose secret keys.
Public chat requests must go through controlled server endpoints. The widget must not communicate directly with privileged database access.
Usage limits are enforced server-side.
Message quotas, lead quotas, domain limits, and branding rules must be enforced on the server, not only hidden in the interface.
Clear retention by plan.
- Free: 30-day conversation retention.
- Starter: 90-day conversation retention.
- Pro Coming soon: 365-day retention.
Account deletion removes workspace data.
When a user deletes their account, aurochat must cancel active subscriptions where applicable and delete or schedule deletion of workspace data, stored documents, embeddings, conversations, and leads.
aurochat does not claim legal, security, privacy, or compliance certification unless explicitly verified and documented.