Security and trust

Customer knowledge stays controlled.

HiAgent is built around private workspace knowledge, owner-controlled sources, and conservative AI answers. The widget answers from approved RAG chunks and routes weak answers for review.

Private source storage

Uploaded knowledge files are stored outside the public website folder and are tied to the owner's workspace.

Workspace-scoped retrieval

The widget can only retrieve chunks from the configured workspace. Random files from other accounts are not candidates.

Owner-managed knowledge

Only the signed-in owner can upload, remove, review, or test knowledge sources from the dashboard.

Human review loop

Low-confidence answers are saved as missed questions so owners can approve stronger FAQ sources before relying on them.

Operational boundaries

Visitors do not receive source names, file paths, internal scores, or retrieval notes.

Uploaded files are not used across workspaces and are deleted when their source is removed.

Owners can inspect RAG health, run answer tests, and turn missed questions into reviewed FAQ sources.

Source boundaries

HiAgent is meant for approved business knowledge such as website pages, FAQs, documents, and PDFs. Owners decide which sources belong in the workspace.

Visitor boundaries

The widget is for public website support questions. It should not be used to collect passwords, private API keys, payment card numbers, or regulated sensitive data.

Review boundaries

Missed questions show where the source content is weak, so owners can improve answers before relying on the widget for that topic.

Direct answers

Security questions before installing the widget.

How does HiAgent keep answers controlled?

HiAgent answers from workspace-scoped knowledge sources, fallback rules, and owner-managed review workflows instead of exposing raw files or answering from unrelated account data.

Can visitors see source files or retrieval scores?

No. Visitors do not receive source names, file paths, internal scores, or retrieval notes. Owners review source health and missed questions in the dashboard.

Who manages the knowledge sources?

The signed-in workspace owner controls uploads, website sources, FAQ answers, source deletion, widget settings, answer tests, and missed-question review.

What should a business avoid uploading?

Customers should avoid payment card data, health records, government IDs, passwords, private API keys, or regulated sensitive data unless a separate written agreement allows it.