DocMind Logo
DocMind
Security Review FAQ

Security FAQ and Data Handling for AI Customer Support

This page answers the recurring questions reviewers ask before approving DocMind for ecommerce AI customer support, website FAQ automation, or internal helpdesk use. The goal is to clarify what is documented today without overstating what has not been formally published.

Encryption

What is encrypted in transit and at rest.

Workspace Scope

How assistants stay tied to the source set that owns them.

Training Boundaries

What customer content is used for, and what it is not used for.

Questions reviewers usually ask first

These answers are written to support real security and procurement review, not just marketing copy.

Is customer content encrypted in transit and at rest?+
Yes. Traffic between browsers, APIs, and DocMind services runs over encrypted connections, and stored knowledge sources remain in encrypted infrastructure. That applies to website FAQ assistants, ecommerce support deployments, and internal helpdesk workflows.
Is one customer workspace mixed with another?+
No. Knowledge sources, answer context, and bot configuration stay scoped to the workspace that owns them. Reviewers should think in terms of workspace boundaries rather than assuming one shared global knowledge layer.
Is uploaded content used to train shared base models?+
No. Uploaded files, website content, and internal documents are used to answer inside your own workspace and are not used to train shared foundation models. If your review process needs provider-specific handling detail, request that during evaluation.
Can customer-facing and internal knowledge stay separate?+
Yes. Teams can keep shopper FAQ content, internal SOPs, and support reference material separated when they should not share the same answer context. The key review question is which sources belong to which assistant before launch.
What happens when a document or page is deleted?+
Deleting a knowledge source removes it from future retrieval and ongoing answer generation. If an account is deleted, associated data is removed from our systems within 30 days.
How should a security or procurement review start?+
Start with scope. Confirm which support surface is going live first, which knowledge sources are included, how escalations work, what deletion expectations exist, and whether the security page answers the questions your reviewers need before launch.
Does DocMind publish specific compliance or hosting-region promises on this page?+
No. This page is meant to answer recurring product-security questions clearly without inventing certifications or region claims that are not documented here. If your team needs provider, region, or questionnaire detail, request the current deployment information during evaluation.
Where should teams look after reading this FAQ?+
Use the security overview for the high-level safeguards, the privacy policy for policy language, and the case studies page for rollout evidence and measurement context. Together those pages are more useful than generic marketing claims.

Before your team approves launch

Most reviews move faster when the first rollout is narrow and the ownership is explicit.

Which sources are included in the first rollout
Which content should remain customer-facing versus internal
What deletion timeline and process your team expects
Whether security review needs provider-specific detail
Review Flow

Use this FAQ as the bridge between marketing and legal review.

Start here for recurring reviewer questions, then move to the policy page, the security overview, and the rollout evidence page depending on whether the next conversation is legal, technical, or operational.

Read the security overview →Review the privacy policy →Open rollout evidence →