Your proprietary data is the lifeblood of your business. We engineer every layer of our AI infrastructure to ensure your data remains isolated, encrypted, and exclusively yours.
We use a strict Retrieval-Augmented Generation (RAG) architecture. Your documentation is referenced for answers, but it is never used to train the underlying foundational models.
Your embeddings are stored in a logically separated, AES-256 encrypted tenant.
Data is pulled temporarily into memory to answer the query, then immediately purged.
Data never flows back to OpenAI, Anthropic, or open-source models for training.
Independently audited to meet the regulatory requirements of global enterprises.
Our infrastructure, policies, and operations are continuously audited to ensure the security, availability, and confidentiality of your data.
Fully compliant with EU data protection regulations. We offer standard contractual clauses (SCCs) and complete data deletion (Right to be Forgotten) APIs.
We safeguard California consumers' privacy rights. We do not sell personal information and provide automated tools for data subject access requests.
Security isn't a single feature; it's layered throughout our entire stack.
All customer data, including uploaded PDFs, crawled website text, and chat logs, is encrypted at rest using AES-256. All data in transit between our servers, your widget, and third-party integrations is secured via TLS 1.3.
We utilize static application security testing (SAST), software composition analysis (SCA), and strict dependency monitoring in our CI/CD pipelines.
Enterprise plans include SAML-based Single Sign-On (SSO) via Okta, Google Workspace, or Azure AD, paired with granular Role-Based Access Control (RBAC).
Hosted on a hardened cloud platform with strict network isolation, security groups, and Cloudflare WAF for DDoS protection and anomaly detection.
Continuous logging via Datadog. A dedicated SecOps team monitors SIEM alerts 24/7/365 to detect and mitigate potential threats instantly.
We run continuous security hardening across our application and infrastructure, including monitoring, vulnerability remediation, and secure change management.
No. DuDiBa explicitly guarantees that your knowledge base, chat logs, and customer data are never used to fine-tune or train any foundational LLMs (OpenAI, Anthropic, etc.). Your data is used strictly for retrieval to answer your users' questions.
Our primary infrastructure is hosted in the US-East region on our managed cloud platform. EU data residency/localization is not currently offered.
By default, chat transcripts are retained for 30 days on standard plans to provide analytics. Enterprise customers can configure custom retention policies (e.g., 7 days, 90 days) or opt for immediate zero-retention.
If a user requests data deletion under GDPR or CCPA, you can trigger an automatic deletion of all PII associated with that user via our dashboard or API. Deletion requests are executed and propagated across backups within 30 days.
Access to production data is strictly limited to authorized senior engineering personnel on a least-privilege basis, and only for maintaining system stability or responding to a support ticket you initiated. All access is logged and audited.
Ready to review our security posture? Our dedicated InfoSec team is ready to assist with vendor questionnaires and compliance documentation.