Security and ops one-pager

The short version for founders, developers, and reviewers.

AnswerLattice can use safe product context and reviewed sources without collecting secrets. Use this one-page summary for install reviews, developer handoff, intake reviews, and buyer security checks.

Install review

Origin, route, context, and widget key boundaries

Data review

What can be sent, what must never be sent

Answer review

Drafts and generated content stay owner-approved

Allowed origins

Restrict widget runtime config to the product and staging domains where AnswerLattice should run.

Blocked routes

Hide the widget from auth, payment, admin, internal help, or other sensitive paths.

Safe page context

Send path, title, feature, workflow, role, and locale. Legacy fields are public-label compatibility only. Do not send secrets or raw customer records.

Safe source intake

Import only owner-selected public pages, supported files, screenshots, or short recordings. Raw media is not retained by default, and generated output requires owner review.

Screenshot attachments

Screenshots are user-initiated upload or paste only. The widget does not automatically capture the host app screen or scrape the DOM.

Widget key handling

AnswerLattice validates widget keys by hash and can copy recoverable widget keys only from encrypted server-side key material.

Owner approval

Drafts, generated answers, and mutation proposals do not become official support truth until reviewed.

Runtime rate limits

Public widget config, search, feedback, predictive, and API paths are bounded and validated before expensive work.

Tenant scope

Dashboard and runtime reads resolve AnswerLattice workspace scope server-side; client context is never trusted as tenant identity.

Team access

Workspace members use AnswerLattice-specific roles and owner-managed reset controls for support work.

Incident contact

Report security or data-handling concerns without sending secrets or full customer datasets in the first message.

What to send through context

Send stable labels that describe where the user is stuck: path, page title, feature, workflow, public role label, and locale. Legacy plan and entity hints must stay public labels only.

What not to send

Do not send passwords, auth tokens, card data, private customer records, raw database IDs, emails, phone numbers, unrelated personal information, screenshots of screens that reveal secrets, or recordings that include private customer data.

Need the full security detail?

The full security page covers hosted help, compiled context, scoped workspaces, role-scoped team access, ticket debugging context, and scheduler boundaries.