Request Pilot

Trust Center

Security First By Design

Customer-hosted deployment. Data stays in your environment. Built for institutional security requirements.

🏠

Customer-Hosted

The entire solution runs inside your university environment— on-prem or in your cloud. We never host student data.

🔒

Behind Your Firewall

All traffic stays internal. Students access the bot through your portal. No external endpoints required.

📉

Data Minimization

We only store operational logs—not full message bodies unless you explicitly enable extended logging.

📋

Audit Visibility

Every interaction generates timestamped logs. Every ticket includes the full conversation transcript for compliance.

Data Flow

What Data Goes Where

🎓

Student Portal

SSO identity from portal session

🤖

Bot Service

Runs inside your environment

Logs: chat_started, flow_completed, ticket_created
📋

Freshservice

Tickets + private notes via API

✓ What We Log

  • Session start/end timestamps
  • Flow path taken (MFA, Wi-Fi, etc.)
  • Deflection vs escalation outcome
  • Ticket creation success/failure
  • API response codes for monitoring
  • Anonymized usage patterns

✗ What We Don't Store

  • Full message content (unless approved)
  • Student PII beyond session context
  • Passwords or sensitive credentials
  • Data outside your environment
  • Third-party analytics trackers
  • Anything you don't explicitly enable

Reporting

Reports, Not Raw Data

ITS gets operational dashboards to measure ROI—not access to student conversation content.

📊

Deflection Rate

% resolved without ticket

🌙

After-Hours Usage

ROI for nights/weekends

⏱️

Time-to-Intake

Bot vs manual comparison

Knowledge Gaps

Missing KB articles

Freshservice Integration

Secure API Access

We use the official Freshservice REST API with a dedicated service account credential you control.

  • Dedicated API key (not personal)
  • Scoped to ticket operations only
  • Test in Sandbox before production
  • Private notes for agent context
  • No read access to existing tickets
API Permissions
Create Ticket
Add Private Note
Read KB/Solutions
Read Existing Tickets
Delete Anything
Admin Operations

AI Transparency

Knowledge Base Usage

We use retrieval-augmented generation (RAG)—not model training on your data.

  • Retrieval, not training: We sync approved Freshservice Solutions articles into an internal retrieval index
  • Grounded responses: Bot answers are grounded in your approved KB content—not generated from scratch
  • No model training on tickets: We do NOT train AI models on student messages or ticket data by default
  • You control the sources: Configure which Solutions categories to include or exclude from the index
  • Local processing: Retrieval index runs inside your environment—articles never leave your network
📚Your Solutions Articles
🔍Retrieval Index (RAG)
🤖Grounded Bot Response
No training on student data

Compliance

Built for Higher Ed Requirements

FERPA

Student data handled per educational privacy standards

GDPR

Data minimization and retention controls available

SOC 2

Architecture supports audit logging requirements

Procurement Ready

Enterprise Security Checklist

Everything your security and procurement teams need to know.

🏠

Customer-Hosted Deployment

Full control over hosting environment—on-prem or your cloud account

⏱️

Data Retention Configurable

Set retention policies for logs and conversation data per your requirements

📋

Comprehensive Logging & Auditability

Timestamped logs for all interactions, API calls, and ticket creation events

🔑

Dedicated Service Account

Freshservice API uses a dedicated service account you create and control

🧪

Sandbox-First Testing

Full testing in Freshservice Sandbox before any production API access

🚫

No Third-Party Analytics

Zero external tracking. All analytics are local to your deployment

Questions about security?

We're happy to walk through the architecture with your security team.

Schedule a CallTechnical Details