Context

With the growing concern around adopting AI, particularly for data-sensitive organizations, there is increasing skepticism about chat interactions and proprietary training data transiting between AI service providers.

Although some providers offer SOC2 compliance which mitigates this issue, it isn't universally available and does not guarantee confidentiality without continuous vetting and audits. To address these concerns, the project aimed to create a secure, embeddable chatbot solution that avoids relying on bot builders or third-party integration services, thus preventing potential data leakage and ensuring that proprietary company information remained protected.

The focus was on safeguarding intellectual property, ensuring privacy, and avoiding vendor lock-in while minimizing the number of external services involved, thereby enhancing reliability and cost predictability.

Deliverables

I developed a lightweight, embeddable chatbot using plain vanilla JavaScript, HTML, and CSS to ensure minimal bloat. The chatbot was bundled using Webpack and was hosted on a virtual machine (VM) running a NestJS application on Nginx. The VM served as both a static file server and an API proxy to OpenAI and custom backend APIs.

For enhanced security, the entire solution was protected by the cloud provider’s application gateway, firewall, and load balancers. The VM was configured with autoscaling capabilities to ensure high availability, even during traffic spikes.

Results

The solution delivered several key benefits:

• Data Security and IP Protection: The absence of third-party services ensured that all chat interactions remained secure, eliminating concerns about data leakage or sharing of proprietary information with external providers.

• Reduced Vendor Dependence: By avoiding bot builders and third-party tools, the solution ensured full ownership and control over the chatbot’s features and infrastructure, avoiding vendor lock-in and ensuring flexibility for future modifications.

• Predictable Costs: With no reliance on external services and a self-contained infrastructure, the cost of running the solution remained predictable and manageable.

• Enhanced Reliability: Fewer moving parts meant fewer potential points of failure, resulting in higher system reliability and performance.

• Scalability: The VM's autoscaling capabilities allowed the system to handle traffic spikes seamlessly, ensuring continuous availability without performance degradation.

Overall, the solution provided a highly secure, flexible, and cost-effective chatbot infrastructure, fully under the client’s control, with minimal external dependencies.

Interested in this solution?