One embed code
The website owner adds one script to the website. The script loads the widget and connects it to the configured AI agent.
✓Security-conscious AI widget
Security & Privacy for SiteMind AI websites
SiteMind AI is designed as an isolated, domain-locked AI assistant for business websites. The widget helps visitors find answers without accessing passwords, payment data, checkout forms, orders, private accounts, databases or website admin areas.
How the SiteMind AI widget works
SiteMind AI is added to a website through a small embed script. The chat interface runs as a separate widget layer and communicates with the SiteMind AI backend through secured API endpoints.
Public content only
The assistant uses public website content, scanned pages and visible page context to answer visitor questions more accurately.
Visitor guidance
The widget helps visitors understand products, services, pages and next steps without taking control of the website.
What the widget does not access
SiteMind AI is not designed to read private areas of your website. It is a visitor assistant, not an administrative tool.
This page describes the intended SiteMind AI widget behavior and security-conscious product design. It is not a claim of external security certification.
- ×Passwords or login fields
- ×Payment data, card details or checkout forms
- ×Orders, private customer accounts or user dashboards
- ×Website admin areas, CMS access or databases
- ×Hidden server-side data or private files
Security safeguards built into the product
SiteMind AI uses practical safeguards to reduce risk and give website owners more control over how the AI assistant is used.
Domain-locked agents
Each AI agent is connected to a configured website domain. If the embed code is copied to another domain, the agent is blocked.
Isolated widget layer
The chat runs as a separate widget layer and is not designed to change products, orders, page content or website settings.
Protected API keys
Sensitive API keys are kept on the backend and are not exposed inside the public embed code.
HTTPS communication
The website, widget and API communication are intended to run over HTTPS connections.
Data used by SiteMind AI
SiteMind AI can process website content, visitor questions and basic analytics information so the assistant can answer better and website owners can understand visitor needs.
- ✓Public website content and scanned page information
- ✓Chat questions and answers shown in the dashboard
- ✓Basic website analytics such as page, time, device and country/city where available
- ✓Account and billing information needed to provide the SaaS service
Website owners can remove the widget at any time by deleting the embed code from their website.
Security FAQ
Short answers to common security questions before installing SiteMind AI on a business website.
Is SiteMind AI safe to install?
SiteMind AI is designed as a security-conscious widget. It is domain-locked, isolated and not designed to access passwords, payment data, orders, admin areas or databases.
Can the widget read checkout or payment forms?
No. SiteMind AI is not designed to read card details, payment data, checkout forms or other sensitive payment fields.
Can someone copy my embed code?
The agent is locked to the configured website domain. A copied embed code should not work as a free agent on unrelated domains.
Does SiteMind AI access my website database?
No. The widget is not given access to your website database, CMS admin login or server-side private files.
Can I remove the widget later?
Yes. You can remove SiteMind AI by deleting the embed code from your website.
Is SiteMind AI externally certified?
This page does not claim that SiteMind AI itself holds an external security certification. However, SiteMind AI uses trusted infrastructure services that maintain recognized security and compliance attestations such as SOC 2 Type II, ISO/IEC 27001:2022 and, where applicable, PCI DSS v4.0.
Add an AI assistant without giving up website control
SiteMind AI helps visitors get answers while keeping the widget separated from passwords, payments, admin areas and private website systems.