How we protect your data and your fans' conversations.
All data transmitted between fans, the widget, and our servers is encrypted using HTTPS/TLS. No data is sent in plain text.
Fan IP addresses are hashed before storage. We do not store raw IP addresses or personally identifiable information.
Dashboard access is protected by password authentication with session tokens. API endpoints require valid authentication.
Each client's data is logically separated in the database. Clients can only access their own fan data and analytics.
The Fan Companion platform runs on dedicated server infrastructure with automated SSL certificate management, regular security updates, and database backups. For clients with specific data residency requirements, the platform can be deployed on the client's own infrastructure in any region.
Fan conversations are processed through the Anthropic Claude API to generate responses. Conversation content is sent to the API for response generation only. Anthropic does not use API inputs to train their models. We do not share fan data with any other AI providers.
We follow a data minimisation approach. We only collect what is necessary to provide the service: conversation text for response generation and analytics, anonymised technical data for platform monitoring, and aggregated metrics for reporting. We do not collect names, emails, phone numbers, or payment information through the chat widget.
Client knowledge bases are stored server-side and never exposed to end users. The AI system prompt containing the knowledge base is not visible in the browser or accessible through the widget. Supplementary knowledge base entries added through the dashboard are verified through an automated weekly review process.
We design our platform to support compliance with applicable data protection regulations including the EU General Data Protection Regulation (GDPR), the Australian Privacy Act 1988, and UAE data protection laws. For clients requiring a formal Data Processing Agreement (DPA), contact us at dan@dsegroupae.com.
In the event of a data security incident, we will notify affected clients promptly and take immediate steps to contain and remediate the issue. We maintain incident response procedures and conduct regular reviews of our security practices.
For security-related enquiries or to request a Data Processing Agreement, contact us at dan@dsegroupae.com.