Security & Privacy
How Vocade protects your data and your users' data. Built for enterprise trust.
How the Widget Works
The Vocade widget is a lightweight JavaScript snippet embedded on your website. When a user starts a conversation, the widget reads your page's structure, element labels, field names, and button text, to understand what it can help with.
What this means in practice:
- The widget reads: element labels, CSS selectors, placeholder text, button names
- The widget never reads: existing field values, passwords, cookies, auth tokens, or any user data already on the page
- All interactions are initiated by the user in conversation, the agent only acts on what the user explicitly requests
Data Transmission
Everything transmitted between the widget and Vocade is:
- Encrypted in transit via TLS 1.2+ / WSS (WebSocket Secure)
- Session-scoped, each conversation is a distinct, isolated session
- Minimal, only what's needed to power the conversation
What Vocade receives from the widget:
| Data | Transmitted? | Notes |
|---|---|---|
| Page element labels & selectors | ✅ Yes | Structure only, no values |
| Existing form field values | ❌ Never | |
| Passwords | ❌ Never | Explicitly blocked in code |
| Cookies / auth tokens | ❌ Never | |
| User conversation text | ✅ Yes | Required to power the AI |
| Voice audio (if used) | ✅ Yes | Processed for STT, not stored |
Agent Actions & User Control
The Vocade agent operates under a human-in-the-loop model:
- The agent announces every action before taking it ("I'll fill in your email now")
- For form submissions, the agent always asks for confirmation before clicking Submit
- Users can cancel any action at any time
- Agents never act without an explicit user request in the conversation
Tenant Data Isolation
Every Vocade customer (tenant) operates in a fully isolated environment:
- No cross-tenant data access, your data is never visible to other customers
- Agent configurations, call logs, and contact data are scoped to your tenant
- API keys and credentials are tenant-specific and hashed at rest
Data Retention
- Conversation transcripts: retained for the duration of your subscription, deleted on account termination
- Call recordings: retained per your configured retention policy (default: 90 days)
- DOM snapshots: held in memory for session duration only, never written to disk or database
What We Will Never Do
- Read or transmit password field values
- Access data outside the current page context
- Share your data with other tenants
- Sell your data to third parties
- Use your users' conversation data to train AI models
Compliance
Vocade Inc. is incorporated in Canada and operates under:
- PIPEDA (Personal Information Protection and Electronic Documents Act)
- CASL (Canada's Anti-Spam Legislation)
- GDPR-aligned data handling practices for EU users
Questions
For security questions or to request our security documentation: security@vocade.ai