archi bot Product docs

Data Boundary

Archibot Chat approved data use

Know what data is approved for hosted commercial Archibot Chat and when to request an enterprise review.

Customer adminsCustomer membersPlatform operators

Last updated

Archibot Chat approved data use

Archibot Chat is a commercial product unless your contract explicitly says otherwise.

Use hosted Archibot Chat only for data your organization has approved for the configured commercial SaaS, identity, storage, backup, support, and model-provider paths.

If your use case has special security, regulatory, contractual, data-residency, support-access, or provider-approval requirements, request the enterprise security packet before entering data into Chat. This applies to API calls, uploads, account exports, support requests, and Activity evidence as well.

When data-boundary acknowledgement enforcement is enabled for the environment, you must acknowledge this commercial data boundary during Setup before setup can be marked complete. That acknowledgement is saved with your account onboarding record.

Do not enter

Do not enter or upload:

  • Data that your organization has not approved for commercial SaaS processing.
  • Data that your organization has not approved for the configured model-provider path.
  • Data that needs a signed enterprise agreement, security addendum, private deployment, or special support process before use.
  • Passwords, private keys, raw tokens, cookies, or one-time invite links.

Regulated, export-controlled, customer-sensitive, or contract-restricted data needs your organization’s approval before use. If you are unsure, stop and ask your customer admin or ISM support for the approved handling path.

Commercial SaaS rule

The hosted commercial service may use:

  • Public Archibot Chat.
  • Archibot-hosted commercial dedicated tenants.
  • Commercial AWS backups.
  • DigitalOcean-hosted services.
  • Resend email notifications.
  • Stripe billing.
  • Normal commercial Authentik tenants.
  • Standard commercial monitoring or support tooling.

Do not route data through those systems unless your organization has approved that processing path.

Enterprise packet

Enterprise customers can request a security packet when they need a deeper review before use.

The packet can cover:

  • Current provider categories.
  • Security controls and audit evidence.
  • Backup and retention posture.
  • Data-flow and model-provider routing.
  • Deployment options for customers that need stronger boundaries.
  • Open gaps, planned enterprise features, and review status.

For more detail on these topics, see the security overview and the subprocessors list.

When to contact support

Contact your customer admin or ISM support before using Archibot Chat if:

  • The data might be regulated, export-controlled, customer-sensitive, or covered by special contract handling.
  • The contract or security team has not approved commercial SaaS processing.
  • You need the enterprise security packet or a dedicated-environment discussion.

Do not include the sensitive data itself in the support request. Ask for the approved exchange path first. To open a request, see support cases.

Related reading: Setup covers the data-boundary acknowledgement step, and Activity and audit explains the evidence record.

Done When

  • Your organization has approved the data for hosted commercial SaaS.
  • Regulated or sensitive use cases have the right customer approval.
  • Enterprise security questions are routed through the request packet.