Security Whitepaper
Orange AI Security Policy
This document details how the Orange AI enterprise customer service platform protects your business data and customer privacy at the architectural level. We apply industry-leading security practices to ensure every enterprise customer's data remains safe and secure.
Version: v1.0 · Last Updated: May 2026
1. Security Commitment
Orange AI recognizes that enterprise customers are entrusting us with their most sensitive business knowledge and customer conversation data. This trust is our most important responsibility. Security is not an afterthought: it is the first principle of every system design decision.
We commit to the following core principles:
Defense in Depth
Every layer of data access has independent security validation, from the frontend Widget to backend Cloud Functions.
Principle of Least Privilege
Each role is granted only the minimum permissions required to perform its function. Over-provisioning is strictly avoided.
Full Auditability
All critical operations are recorded in audit logs, giving enterprise administrators complete visibility into system usage at any time.
Data Sovereignty
Your business data belongs entirely to your organization. Orange AI does not share data across tenants or use your data for model training.
2. Infrastructure Security
Orange AI is built entirely on Google Cloud Platform (GCP), inheriting Google's world-class infrastructure security guarantees.
Google Cloud / Firebase Security Certifications
Firebase holds ISO 27001, SOC 1, SOC 2, and SOC 3 certifications, with GDPR and HIPAA compliance support. Google's data centers adhere to the most rigorous physical security standards in the industry.
Core Service Components
Firebase Firestore
The primary storage engine for enterprise data. All data is encrypted at rest and access is controlled by strict Security Rules.
Cloud Functions (2nd Gen)
All AI inference, vector search, and sensitive operations run in isolated server-side environments. The frontend never directly touches sensitive logic or API keys.
Cloud Storage
Knowledge base documents and media files are partitioned by organization ID. Storage Rules ensure cross-organization access is blocked at all times.
Firebase Authentication
Google-managed identity service supporting Google and Apple social login as well as email/password authentication. No plaintext passwords are ever stored.
3. Authentication
Orange AI uses a dual-track authentication design, providing appropriate security levels for the enterprise management console and the external visitor Widget respectively.
Enterprise Console
- Google / Apple OAuth 2.0 social login
- Email + password authentication
- Firebase ID Token validation throughout
- Custom Claims role injection (RBAC)
- Automatic token rotation and expiry
External Visitor Widget
- Firebase Anonymous Authentication
- Access restricted to own conversation only
- Cannot access org settings or knowledge base
- Rate limiting to prevent abuse
- API Token embedded authentication
4. Role-Based Access Control (RBAC)
The system implements RBAC using Firebase Custom Claims, embedding role information directly within JWT tokens. This ensures that even if application logic is bypassed, Firestore Security Rules and backend Functions independently enforce access control.
| Role | Access Scope | Restrictions |
|---|---|---|
| Super Admin | Platform-wide management (Orange AI team only) | Manages organizations via Admin Console; does not access customer business data |
| Org Admin | Full org settings, member management, knowledge base, Agent config, tool integrations | Limited to own organization; cannot access other orgs |
| Knowledge Manager | Maintain knowledge base, adjust Agent personas, configure external tools, read-only conversation access | Cannot reply to or take over real user conversations; no access to member management, org settings, or audit logs |
| Agent Customer Service | Reply to and take over real user conversations | Cannot modify knowledge base, Agent settings, or access any org management functions |
| External Visitor | Chat via Widget (anonymous) | Own conversation only; no internal org access whatsoever |
Permission Matrix
| Feature | Admin | Knowledge Manager | Agent |
|---|---|---|---|
| Knowledge base management (add/edit/delete docs) | Yes | Yes | No |
| Agent persona settings (edit system prompts) | Yes | Yes | No |
| Tool integrations (add/edit external tools) | Yes | Yes | No |
| Conversation testing (RAG simulator) | Yes | not stated | No |
| Reply to real conversations (Inbox takeover) | Yes | No | Yes |
| Org settings (billing, quota, system config) | Yes | No | No |
| Audit logs (view) | Yes | No | No |
| Member management (invite/remove) | Yes | No | No |
Knowledge Manager Conversation Isolation
Knowledge Managers may read conversations in a read-only capacity to help optimize the knowledge base. The frontend hides takeover buttons and input fields for this role, while backend Firestore Security Rules and Cloud Functions independently block any write operations to real user conversations, ensuring dual-layer enforcement.
GoRouter Route Guards
The frontend uses GoRouter guards combined with Riverpod state management to prevent unauthorized users from navigating to protected pages. Backend Security Rules serve as the final line of defense: even if the frontend is bypassed, data cannot be retrieved.
5. Multi-Tenant Data Isolation
Orange AI employs a strict multi-tenant isolation architecture, ensuring that data from different enterprises is separated at the architectural level, not merely by application logic.
Database Access Control
All database reads and writes are governed by server-side security rules. Every request must carry a valid authentication credential, and the requester's organizational membership is verified server-side, ensuring that no data belonging to another organization can be accessed, even if application-layer logic is bypassed. The backend rules act as an independent final line of defense.
System logs and audit records carry additional write protection, allowing only trusted backend services to write. Any write attempt from the frontend or a general user is rejected at the rule layer.
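The enforcement described in the RBAC section and in the two paragraphs above, as an added example that is not Orange AI's code: a server-side authorization check of the kind a Cloud Function (or an equivalent Firestore Security Rule) applies on its own, so the policy still holds when frontend route guards are bypassed. The claim names (uid, orgId, role, service, anonymous) and the action names are assumptions for illustration; the role permissions follow the whitepaper's role table.

```javascript
// Added example (not Orange AI's code). Claim and action names are assumed.
// Role permissions transcribed from the whitepaper's role table.
const ROLE_PERMISSIONS = {
  admin: ["knowledge:write", "agent_config:write", "tools:write", "conversation:read",
          "conversation:write", "org_settings:write", "audit:read", "members:write"],
  knowledge_manager: ["knowledge:write", "agent_config:write", "tools:write", "conversation:read"],
  agent: ["conversation:read", "conversation:write"],
};

function deny(reason) { return { allowed: false, reason }; }
function allow() { return { allowed: true, reason: "ok" }; }

// claims: decoded Firebase ID token claims with custom claims merged in (assumed shape).
// request: { orgId, action, ownerUid? } describing the target resource and operation.
// Assumption: a Widget visitor's token carries the orgId of the org whose widget issued it.
function authorize(claims, request) {
  if (!claims || typeof claims.uid !== "string") return deny("unauthenticated");
  if (!request || typeof request.action !== "string") return deny("missing action");

  // Tenant scoping comes first: nothing below is ever evaluated across organizations.
  if (!request.orgId || request.orgId !== claims.orgId) return deny("cross-organization access");

  // Audit records are written only by trusted backend services, never by end users.
  if (request.action === "audit:write") {
    return claims.service === true ? allow() : deny("audit logs are written only by backend services");
  }

  // Anonymous Widget visitors may touch their own conversation and nothing else.
  if (claims.anonymous === true) {
    const own = request.action.startsWith("conversation:") && request.ownerUid === claims.uid;
    return own ? allow() : deny("visitor may only access own conversation");
  }

  const permitted = ROLE_PERMISSIONS[claims.role];
  if (!permitted) return deny(`unknown role: ${String(claims.role)}`);
  if (!permitted.includes(request.action)) return deny(`role ${claims.role} may not ${request.action}`);
  return allow();
}

// A Knowledge Manager attempting an Inbox takeover in their own org is refused here,
// regardless of whether the frontend hid the takeover button.
console.log(authorize({ uid: "u1", orgId: "org-a", role: "knowledge_manager" },
                      { orgId: "org-a", action: "conversation:write" }));
```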
File Storage Isolation
All organization-related files are partitioned by organizational membership. Storage-layer access rules ensure that cross-organization access requests are rejected server-side, independent of any application-layer logic.
Vector Knowledge Base Isolation
Each organization's vector data (Embeddings) is stored in an isolated, dedicated space. RAG queries are strictly scoped on the backend to the requesting organization's vector space. Cross-tenant knowledge base access is architecturally impossible, not merely blocked by application logic.
6. Encryption & Transport Security
Encryption in Transit
- All API communication enforces HTTPS / TLS 1.3
- Streaming responses use WSS encryption
- HSTS headers enforce secure connections
Encryption at Rest
- Firestore data encrypted at rest with AES-256
- Cloud Storage files automatically encrypted
- Keys managed by Google Cloud KMS
7. Data Lifecycle Management
Orange AI provides complete data lifecycle management, ensuring data is appropriately protected at every stage and can be securely purged when no longer needed.
Data Creation
Uploaded knowledge documents immediately enter an isolated parsing pipeline, accessible only to authorized users within the organization. Temporary files are automatically cleaned up with a 1-day TTL.
Data Usage
During RAG queries, vector search is strictly scoped to the requesting organization. AI inference results are never used as training data.
Orange AI uses Google Gemini Enterprise Agent Platform Embedding (formerly Vertex AI, rebranded April 2026) to convert your knowledge documents into vectors. Per Google Cloud's terms of service, customer data sent via the Gemini Enterprise Agent Platform API is not used by Google to train its foundation models. Your enterprise knowledge remains under your full data sovereignty.
Data Retention
Conversation logs and audit records are retained per regulatory requirements. Exported audit reports (CSV etc.) are configured with automatic TTL expiry in Cloud Storage.
Organization Deletion & Data Erasure
When an organization account is terminated, the system automatically recursively deletes all associated Firestore collections, Storage files, and vector data, leaving no residual data. This operation is executed by a Super Admin in the Admin Console with multiple confirmation steps to prevent accidental deletion.
8. Frontend Key Protection
Orange AI strictly adheres to frontend/backend separation. Sensitive API keys and business logic never appear in frontend code.
Frontend (Flutter Web / Web Widget) Design Principles
- Contains no AI API keys (Gemini, OpenAI, etc.)
- Contains no third-party OAuth Client Secrets
- Never calls AI inference APIs directly; all AI requests are proxied through backend Functions
- Firebase configuration is protected by Firebase App Check and Security Rules
Backend (Cloud Functions) Security Management
- All sensitive keys stored in Firebase Secret Manager (encrypted environment variables)
- Isolated execution environment: each request runs in an independent sandbox
- Third-party OAuth tokens are encrypted in Firestore; the frontend cannot read them directly
9. Rate Limiting & Abuse Prevention
To prevent malicious abuse or accidental API flood attacks, Orange AI deploys rate limiting mechanisms at multiple layers.
API Request Rate Limiting
Query endpoints enforce rate limits per session. Requests exceeding the threshold are automatically blocked, preventing any single user or automated script from exhausting shared compute resources.
File Upload Protection
File uploads are subject to strict size and format restrictions enforced at multiple layers. The parsing pipeline includes memory exhaustion protection to ensure service stability is not affected by large or malformed files.
Knowledge Compilation Resource Controls
Organization-level knowledge compilation tasks are subject to concurrency limits, preventing any single organization from monopolizing compute resources. Distributed locking ensures cross-tenant tasks do not interfere with each other.
Security Event Monitoring
Abnormal login attempts, repeated request failures, and suspicious operations are automatically recorded by the system for subsequent audit review and security alerting.
10. Audit Logs & Monitoring
Orange AI provides complete operational audit capabilities, enabling enterprise administrators to track all critical operation records.
Audit Log Coverage
Member additions/removals, role changes, Agent configuration modifications, knowledge base document uploads/deletions, third-party integration enablement/disablement, and all other critical organization setting changes are captured in audit records.
Tamper-Proof
Audit logs are written only by Cloud Functions. Firestore Security Rules block direct modification by the frontend or general users.
Exportable
Org admins can export audit logs as CSV for compliance review or internal auditing.
Real-Time Monitoring
System-level usage statistics and error events are periodically aggregated by Cloud Functions to power the management dashboard.
11. AI Prompt Security
To address security risks specific to Large Language Models (LLMs), Orange AI deploys dedicated protection mechanisms at the AI inference layer.
Prompt Injection Protection
System prompts and user input are strictly isolated. Enterprise-configured Agent rules are injected as Hard Rules that users cannot override through conversation content.
Multimodal Content Protection
Uploaded images and documents undergo format validation and binary explosion protection before entering the knowledge base, preventing malicious content from affecting the system through file uploads.
AI Loop Protection
Agent Tool Calling has a maximum iteration limit to prevent AI from entering an infinite loop when search results are insufficient, ensuring service stability.
Knowledge Base Boundary Isolation
RAG search vector space is strictly limited to the querying organization's scope. AI cannot "learn" from or access other organizations' knowledge base content.
12. Large Language Model Provider Policy
Orange AI uses Google's Gemini Enterprise Agent Platform (formerly Vertex AI, rebranded April 2026) as the core service for LLM inference and vector embeddings. The following outlines Google's explicit commitments and relevant terms regarding enterprise customer data.
Google Cloud Service Terms, Section 17: Training Restriction
Per Google Cloud's terms of service, Google will not use customer data (including prompts, outputs, and derived data) to train or fine-tune any AI/ML models without prior customer authorization. This commitment applies to all managed models on the Gemini Enterprise Agent Platform, including both GA and pre-GA models.
The terms further guarantee: your data will not be used to train models for any other Google customer.
How Your Data Is Handled
Default In-Memory Caching (No Disk Write)
Inference inputs and outputs are cached in-memory only by default and are never written to disk. Data is isolated at the project level with a 24-hour TTL for automatic expiry, used solely to improve response latency.
Limited Retention for Safety & Compliance
In certain scenarios, Google retains request data for a limited period per its Cloud Data Processing Addendum (DPA), solely for security monitoring, abuse detection, and legal compliance, never for model improvement.
Zero Data Retention Option
Eligible enterprise customers can apply for Zero Data Retention terms by signing a Data Processing Addendum amendment with Google Cloud, providing an additional layer of data protection.
Important: Paid API vs. Free Tier
The training restrictions and data protection commitments above apply exclusively to the paid Gemini Enterprise Agent Platform API. The free Google AI Studio tier is not covered by these protections. Orange AI exclusively uses the paid enterprise-grade API to ensure your data is fully protected.
References: Gemini Enterprise Agent Platform Zero Data Retention · How Gemini for Google Cloud uses your data · Google Cloud Service Terms
13. Third-Party Service Security
Orange AI integrates multiple third-party services to provide complete functionality. We apply the least-privilege principle to every integration and ensure their security at the architectural level.
| Service | Purpose | Security Measures |
|---|---|---|
| Google Gemini AI + Gemini Enterprise Agent Platform | AI inference, vector embedding | API key stored in Secret Manager only; called via backend proxy. Google commits that Gemini Enterprise Agent Platform API data is not used for model training. |
| Meta (Facebook/IG) | Social messaging channel webhooks | Webhook verification token encrypted; source IP validation |
| Google Calendar/Docs/Sheets | Tool integrations | OAuth 2.0 tokens encrypted at rest; minimum required scopes per org |
| Firebase FCM | Agent push notifications | Device tokens bound to specific users; regular rotation mechanism |
| Apple Sign-In | iOS social login | Race condition protection; strict credential configuration control |
14. OAuth & Credential Management
All third-party OAuth authorization flows are completed server-side, ensuring Client Secrets are never exposed to the frontend.
Multi-Tenant OAuth Isolation
Each organization's OAuth tokens are stored in that organization's Firestore documents. Cloud Functions from other organizations cannot read cross-tenant tokens. Frontend paths for directly reading OAuth tokens are completely blocked by Security Rules.
Google Workspace integrations (Calendar, Docs, Sheets) comply with Google API's Limited Use policy, requesting only the minimum OAuth scopes required to deliver the functionality. When users revoke authorization, related features are immediately disabled.
15. Regulatory Compliance
Data Protection
- Taiwan PDPA: Data collection and processing flows are designed in compliance with Taiwan's Personal Data Protection Act, with a clear privacy policy provided.
- GDPR Compatible: Firebase infrastructure is GDPR-compliant by design, supporting data access requests and the Right to Erasure.
Infrastructure Certifications
- Google Cloud ISO 27001 Certified
- SOC 1 / SOC 2 / SOC 3 Compliant
- Google API Limited Use Policy Compliant
- Apple App Store Review Guidelines Compliant
16. Security Vulnerability Disclosure
Orange AI values all reports from users and security researchers. If you discover a potential security vulnerability, please contact our security team through the following channels. We commit to an initial response within 72 hours of notification and will remediate confirmed vulnerabilities within a reasonable timeframe.
Security Contact
Responsible Disclosure Policy: We respect the contributions of security researchers. Please do not publicly disclose vulnerability details before a fix is in place. We do not take legal action against good-faith security research and welcome collaboration with the research community.
© 2026 Orange AI · Security Whitepaper v1.0 · Contact service@orangeai.tw