Data safety

Security and data handling

Understand tenant scoping, widget runtime checks, rate limiting, visitor analytics, AI provider, and prompt leakage protection.

Auth

Auth and tenant scope

Private dashboard and admin routes use server-side auth checks. Normal users cannot access admin routes.
Workspace data is tenant-scoped by workspace ID, and chatbot data is scoped by workspace ID plus chatbot ID.

Widget

Widget checks

Widget APIs validate chatbot status, domain allowlist, visitor session, rate limits, credit status, and admin pause state.

Data

Visitor data

Visitor analytics store coarse context such as country, device, browser, language, page URL, and referrer. Raw IP addresses are not stored for analytics.
Rate limit keys use hashed, IP-derived values. Runtime monitoring stores a hashed IP only when needed.
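
An added example (not the product's own code) of a rate limit key built from a hashed IP and scoped by workspace ID plus chatbot ID. The page does not name the hashing scheme; HMAC-SHA256 with a server-side secret is assumed here, and hashIp, rateLimitKey, FixedWindowLimiter and RATE_LIMIT_SECRET are hypothetical names.

```javascript
const crypto = require("node:crypto");

// Assumption: a server-side secret kept outside the database; constructed value.
const RATE_LIMIT_SECRET = "constructed-example-secret";

// Keyed hash: a plain SHA-256 of an IPv4 address can be reversed by hashing
// all ~4.3 billion addresses, so the secret is what keeps the value opaque.
function hashIp(ip, secret = RATE_LIMIT_SECRET) {
  return crypto.createHmac("sha256", secret).update(ip.trim().toLowerCase()).digest("hex");
}

// The key carries the tenant scope (workspace + chatbot) and never the raw IP.
function rateLimitKey(workspaceId, chatbotId, ip) {
  return `rl:${workspaceId}:${chatbotId}:${hashIp(ip).slice(0, 32)}`;
}

// Hypothetical in-memory fixed-window limiter; a shared store would replace the Map.
class FixedWindowLimiter {
  constructor(limit, windowMs) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.buckets = new Map();
  }
  allow(key, now = Date.now()) {
    const bucket = this.buckets.get(key);
    if (!bucket || now - bucket.start >= this.windowMs) {
      this.buckets.set(key, { start: now, count: 1 }); // new window
      return true;
    }
    bucket.count += 1;
    return bucket.count <= this.limit;
  }
}

// Constructed sample: limit of 3 per minute, address from a documentation range.
function demo() {
  const limiter = new FixedWindowLimiter(3, 60_000);
  const key = rateLimitKey("ws_1", "bot_1", "203.0.113.7");
  const results = [0, 1, 2, 3].map((i) => limiter.allow(key, 1000 + i));
  // Same visitor IP on another tenant's chatbot gets its own bucket.
  const otherTenant = limiter.allow(rateLimitKey("ws_2", "bot_9", "203.0.113.7"), 1004);
  const afterWindow = limiter.allow(key, 1000 + 60_000);
  return { key, results, otherTenant, afterWindow };
}
```

Rotating the secret invalidates existing keys, which is acceptable for short-lived rate limit windows.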

AI

AI and prompts

AI integration uses the configured server provider. Chat and embedding models are controlled by environment variables.
Prompt leakage and data extraction attempts are blocked and logged as monitoring events.

AI environment

AI_PROVIDER_API_KEY=
AI_CHAT_MODEL=
AI_EMBEDDING_MODEL=
AI_EMBEDDING_DIMENSIONS=