Origin, route, context, and widget key boundaries
Security and ops one-pager
The short version for founders, developers, and reviewers.
AnswerLattice can use safe product context and reviewed sources without collecting secrets. Use this one-page summary for install reviews, developer handoff, intake reviews, and buyer security checks.
What can be sent, what must never be sent
Drafts and generated content stay owner-approved
Allowed origins
Restrict widget runtime config to the product and staging domains where AnswerLattice should run.
Blocked routes
Hide the widget from auth, payment, admin, internal help, or other sensitive paths.
Safe page context
Send path, title, feature, workflow, role, and locale. Legacy fields are public-label compatibility only. Do not send secrets or raw customer records.
Safe source intake
Import only owner-selected public pages, supported files, screenshots, or short recordings. Raw media is not retained by default, and generated output requires owner review.
Screenshot attachments
Screenshots are user-initiated upload or paste only. The widget does not automatically capture the host app screen or scrape the DOM.
Widget key handling
AnswerLattice validates widget keys by hash and can copy recoverable widget keys only from encrypted server-side key material.
Owner approval
Drafts, generated answers, and mutation proposals do not become official support truth until reviewed.
Runtime rate limits
Public widget config, search, feedback, predictive, and API paths are bounded and validated before expensive work.
Tenant scope
Dashboard and runtime reads resolve AnswerLattice workspace scope server-side; client context is never trusted as tenant identity.
Team access
Workspace members use AnswerLattice-specific roles and owner-managed reset controls for support work.
Incident contact
Report security or data-handling concerns without sending secrets or full customer datasets in the first message.
What to send through context
Send stable labels that describe where the user is stuck: path, page title, feature, workflow, public role label, and locale. Legacy plan and entity hints must stay public labels only.
What not to send
Do not send passwords, auth tokens, card data, private customer records, raw database IDs, emails, phone numbers, unrelated personal information, screenshots of screens that reveal secrets, or recordings that include private customer data.
Need the full security detail?
The full security page covers hosted help, compiled context, scoped workspaces, role-scoped team access, ticket debugging context, and scheduler boundaries.