HolknDesign
← Back to studio
AI Concierge
Security Standard

What every Holkin Concierge ships with

Security, built in — not bolted on.

Every Holkin Concierge ships with real protection as standard. Most small‑business chatbots are off‑the‑shelf widgets with none of this. Here's what's included with yours — in plain English.

Standard on every build
Resistant to manipulationVisitors can't trick the concierge into breaking character, ignoring its rules, or acting outside its job — including hidden or encoded attempts.
Never leaks your data — or its own setupIt can't be talked into revealing its instructions, your pricing logic, or anyone's information. Sensitive details stay out of its reach.
Spam & bot protection on every formAn invisible bot‑check, per‑visitor limits, and duplicate‑blocking keep a script from flooding your inbox with junk leads.
No runaway billsHard spending caps and usage limits keep the AI's cost predictable — it can't be abused into a surprise invoice.
Privacy‑first data handlingWe collect only what's needed and keep as little as possible — no IP addresses stored, contact details kept out of internal logs. Aligned with Canadian privacy law (PIPEDA).
It only does what it's allowed toIts single job is to answer questions and pass you a lead. No access to other systems, other customers' data, or anything destructive.
Honest answers onlyIt answers from a knowledge base you approve — no invented prices, promises, or facts. If it doesn't know, it says so and offers to connect you.
Tested like an attacker wouldBefore launch we probe it the way a bad actor would — injection, data‑extraction, and abuse attempts — and fix what we find.
Measured against
OWASP ↗Top 10 for LLM Applications

The industry security checklist for AI apps — the risks every serious LLM product is measured against.

PIPEDA ↗Personal Information Protection & Electronic Documents Act

Canada's private‑sector privacy law, governing how your customers' information is collected and kept.

Also available

Enterprise‑grade options for businesses that need them — automated pre‑launch attack testing, content moderation, abuse alerting, and formal data‑retention & incident response.