Taufinity Studio

Appearance

Data Governance

Taufinity Studio provides controls for data privacy, AI usage, and compliance. This page describes the available controls and how they work.

Privacy Controls

Privacy Protection

Each organization has a Privacy Protection toggle (enabled by default) that prevents AI assistants from performing people-finding, background-check, or OSINT-type searches through widgets and chat.

When enabled, AI queries that attempt to look up personal information about individuals are blocked. This control helps organizations align with data minimization principles.

Navigate to Organization > Settings to manage this toggle.

Chat Logging

Chat logging is disabled by default and must be explicitly opted in per organization.

When enabled:

  • User messages and AI responses are stored for audit and analysis purposes
  • All stored messages are encrypted using per-organization encryption keys
  • Messages are logged after the AI response is returned

When disabled:

  • Chat messages are processed in real-time but not persisted
  • No conversation history is retained after the session ends

WARNING

Before enabling chat logging, ensure your privacy policy informs users that conversations may be stored. This is your responsibility as the data controller.

Bring Your Own AI Keys

Enterprise customers can use a bring-your-own-key (BYOK) model for AI providers. Instead of routing AI requests through a shared API, you connect your own API keys from providers like OpenAI, Anthropic, Google, Mistral, or others.

This gives you:

  • Cost control — AI usage is billed directly to your provider account. You set your own spending limits, rate limits, and budgets with your provider
  • Provider choice — Select the AI models that fit your use case and budget. Switch providers or models at any time per site
  • Terms of service — Your AI usage is governed by your own agreement with the provider. You control data processing terms, retention policies, and usage rights directly
  • No markup — Taufinity Studio does not add fees on top of your AI provider costs

TIP

BYOK is available on Enterprise plans. Other plans include AI usage billed through Taufinity Studio — see Licensing for details.

See AI Providers for supported providers and configuration.

Data Processing Location

Taufinity Studio is hosted on European cloud infrastructure (Netherlands region). This means:

  • Application servers run in EU data centers
  • Databases are stored in EU regions
  • File storage uses EU-based buckets

For AI processing, you control the data processing region through your provider choice. For example, AWS Bedrock lets you select specific regions (e.g., eu-west-1), and other providers offer regional endpoints. By choosing which provider and region to configure in your AI settings, you determine where AI inference runs.

Encryption

Data at Rest

  • Chat messages (when logging is enabled) are encrypted using per-organization keys managed through a cloud key management service
  • Database backups are encrypted
  • File storage uses server-side encryption

Data in Transit

  • All connections use TLS encryption
  • API requests require HTTPS
  • Internal service communication is encrypted

Data Isolation

Organizations are fully isolated from each other:

  • Each organization's data is logically separated at the database level
  • API requests are scoped to the authenticated organization
  • Cross-organization data access is not possible through the application
  • API keys can be further scoped to specific sites within an organization

Access Controls

Taufinity Studio provides layered access controls:

LayerControls
AuthenticationGoogle SSO — no shared passwords
Organization rolesOwner, Admin, Member, Viewer (details)
API key scopingPer-organization, per-site, per-endpoint (details)
Admin elevationSystem admin operations require TOTP verification

Audit Capabilities

When chat logging is enabled, organizations have access to:

  • Conversation records with timestamps
  • Widget and request correlation
  • Encrypted message content accessible only within the organization context

All organization setting changes (privacy toggles, chat logging, member changes) are tracked through the platform's audit middleware.

Data Deletion

Taufinity Studio supports cryptographic erasure for chat log data. Destroying the organization's encryption key renders all stored chat messages permanently unreadable. This applies to chat audit data specifically — other organization resources (sites, articles, configuration) are managed separately through standard deletion.

For data erasure requests, contact your Taufinity Studio administrator.

Licensing

Taufinity Studio is licensed per organization. The platform license covers access to the application, widget embedding (copilot), content management, and distribution features. There are no per-conversation or per-message fees for widget chat usage.

AI model costs depend on your plan:

  • Standard plans — AI usage is included and billed through Taufinity Studio. No separate provider accounts needed
  • Enterprise plans — Bring your own AI provider keys (BYOK) for direct billing, provider choice, and full cost visibility. AI costs are billed directly by your chosen provider