Trust & Security

Data security

Your knowledge, your conversations, and your leads belong to you. This page explains, in plain terms, how Ultimo Bots stores that data, who can reach it, where it is processed, and what happens when you delete it. We have kept it honest: it describes what the product actually does today, not a wish list.

Ultimo Bots is a hosted service. When you add knowledge, chat with your agent, or capture a lead, that information is handled by our backend and a small number of trusted infrastructure providers. The sections below walk through each layer: how your data is kept separate from other customers, how it travels and is stored, who can access it, and how to remove it.

Short version. Each workspace is isolated from every other workspace. Traffic between your browser and Ultimo Bots travels over an encrypted HTTPS connection. Access is protected by sign-in and role-based permissions. Removing a source or an agent deletes its data.

Isolation per workspace

A workspace (also called an organization) is the container that owns your agents, knowledge, conversations, leads, billing, and team. Every account gets a personal workspace automatically, and you can create more for different teams or clients.

Isolation between workspaces is a core design rule, not an afterthought. Behind the scenes, every request is tied to the workspace you are currently in, and every database read or write that touches workspace data is filtered by that workspace identifier. When you open an agent, the backend first confirms that the agent belongs to your current workspace before returning anything, and refuses the request if it does not. The practical result:

  • One customer cannot see another customer's data. Knowledge, conversations, and leads are scoped to the workspace that created them.
  • Search results stay separate. Each agent's knowledge lives under its own dedicated namespace in our search index, so one agent never retrieves another agent's content.
  • Switching workspaces switches everything. Your agent list, analytics, leads, and knowledge all change to match the workspace you are viewing.
Use separate workspaces for separate clients. If you manage sites for several businesses, give each its own workspace. That keeps their knowledge, conversations, and leads cleanly separated and lets you invite the right people to each one.

Encryption in transit

Data moving between your browser and Ultimo Bots, and between your website visitors and your agent, travels over HTTPS (TLS). That means the connection is encrypted in transit, so the contents of a request cannot be read by someone watching the network in between. The dashboard, the hosted chat link, and the embeddable widget are all served over HTTPS.

We describe encryption in transit here because that is what we can state plainly and verifiably. For questions about storage-level encryption or other specifics for a compliance review, please contact us and we will answer directly.

Authentication and access control

Access to your workspace is protected on two fronts: proving who you are, and limiting what each person can do.

  • Sign-in. You sign in with an email and password. Passwords are stored as one-way hashes (bcrypt), never as plain text, so the original password cannot be read back even by us. You can also sign up through the Wix, Webflow, or WordPress connection flows.
  • Session tokens. After you sign in, the dashboard uses a signed, time-limited token (a JWT) to authenticate each request. Tokens expire after 24 hours, so a token that leaks does not stay valid indefinitely.
  • Role-based permissions. Team members have a role of owner, admin, write, or read. Roles decide who can edit agents and knowledge, manage the team, change billing, or only view. These checks are enforced on the server, not just hidden in the interface, so a blocked action is genuinely blocked.

For the full breakdown of what each role can and cannot do, see Roles & permissions.

Not available today. Ultimo Bots does not yet offer single sign-on (SSO/SAML), two-factor authentication, or a customer-facing audit log. If your organization requires these, tell us so we can factor it into planning, and avoid documenting them as if they exist.

Where your data is hosted and processed

Ultimo Bots runs on Microsoft Azure. To answer visitor questions and power search, your data is processed by a small set of named providers. Here is exactly who touches what, and why:

ProviderRoleWhat it handles
Microsoft AzureHosting and storageRuns the Ultimo Bots backend and database, and stores files you upload as knowledge.
OpenAIAI responsesGenerates your agent's answers and creates the embeddings used for search. The visitor's message and the relevant knowledge needed to answer it are sent to OpenAI at reply time.
PineconeKnowledge searchStores the searchable index of your knowledge so the agent can find the right passage to answer with. Each agent has its own isolated namespace.

These are the core providers for the AI experience itself. Connected channels and tools you choose to enable (for example a Google Drive or OneDrive import, or a messaging channel) involve the relevant provider for that integration as well.

The underlying AI model is provided by OpenAI. We do not train our own models on your data, and we do not claim that your content is excluded from every provider process. If you need a formal data-processing answer, contact us and we will be specific.

What we store and how it is protected

We try to store only what the product needs to work. The table below lists the main categories of data, why each exists, and how it is protected.

What we storeWhyHow it is protected
Knowledge content
Scraped website pages, uploaded documents, FAQs, and business context.
This is what your agent answers from.Scoped to your workspace. The searchable index lives in a per-agent namespace. Deleting a source removes it.
Conversations
The chat history between your visitors and your agent or a human teammate.
Powers the live inbox, analytics, follow-up, and (where enabled) AI-suggested replies.Scoped to your workspace and reachable only by signed-in members with a role.
Leads
Details a visitor submits through an in-chat form, such as name, email, or a message.
So you can follow up with interested visitors.Scoped to your workspace and visible only to members with access.
Account and team data
Your name, email, password hash, workspace, roles, and billing record.
To run your account, your team, and your subscription.Passwords are hashed. Access is role-gated. Billing is handled by the payment provider.

Data deletion and retention

You stay in control of the data your agents hold. Deletion is real deletion, not just hiding the item from view.

  • Remove a knowledge source. When you delete a website page, document, FAQ, or other source from an agent's knowledge base, it is removed from our database and from the search index for that agent. The agent stops answering from it.
  • Delete an agent. Deleting an agent removes the agent and clears its knowledge namespace from the search index, so its content is no longer retrievable.
  • Close your account. If you want your account and its data removed, contact us and we will handle it.
Deletion is permanent. Once a source or an agent is deleted, its knowledge cannot be recovered from the dashboard. Export anything you want to keep, for example chat histories or leads, before you delete.

For how this maps to privacy rights such as access and erasure requests, see GDPR & privacy.

Your responsibilities

Security is shared. We protect the platform; you decide what goes into it and who you let in. A few practices keep your data safe:

  • Do not put secrets in knowledge. Your knowledge content is used to answer visitors and is sent to the AI provider at reply time, so treat it as readable. Never paste passwords, API keys, private tokens, or internal credentials into a scraped page, uploaded document, FAQ, or business context. If a secret ends up in knowledge, rotate it and remove the source.
  • Be deliberate about what your agent can answer. Only add content you are comfortable having your agent share with visitors.
  • Invite people at the right role. Give teammates the lowest role that lets them do their job. Use read for people who only need to view.
  • Protect your sign-in. Use a strong, unique password and remove team members promptly when they no longer need access.
Need formal compliance documentation? If you require a data-processing agreement, a security questionnaire completed, or details for a vendor review, please contact our team. We would rather give you an accurate, specific answer than publish claims we cannot stand behind.

Related pages

Our website uses intelligent AI agents powered by Ultimo Bots to improve customer service.