Secure, Privacy-First AI Helpdesk Software

Security and data protection

Data Ownership

OperatorOne is designed with ownership in mind. Your customer conversations, ticket data, and knowledge base content belong to you — not to us, and not to a third-party platform. The embedded widget collects only the information required to respond to a support request, and all ticket data is stored within your OperatorOne account.

We do not resell customer data, train unrelated models on your conversations, or use your support content for marketing purposes. You maintain full control over your sites, agents, departments, and stored conversations. If you ever choose to leave, your data can be exported and removed according to your retention preferences.

OperatorOne is built for businesses that value transparency and long-term control, not lock-in.

How AI interactions are handled

The AI engine uses an OpenAI-compatible API that you configure. Prompts include the conversation thread and your knowledge base content. Responses are generated by the provider you choose—OpenAI, Azure, or self-hosted. We do not train models on your data. AI logs (prompt/response for audit) are stored in your support database; you control retention and access.

PII Controls

Customer support conversations often contain personal information. OperatorOne gives you control over how personally identifiable information (PII) is handled within your support workflow.

You can define escalation rules to ensure sensitive requests are handed off to human agents when appropriate. AI responses can be configured to avoid requesting unnecessary personal data, and you maintain full visibility over all conversation history inside the dashboard.

By separating AI-generated replies from human escalation and keeping the full context available to your team, OperatorOne helps you manage customer data responsibly while maintaining efficiency. The system is designed to support privacy-conscious workflows rather than bypass them.

GDPR Compliance

OperatorOne is designed to support GDPR-aware workflows. You control where data lives, how long it is retained, and who has access. Export and delete customer data when required. Configure retention, restrict AI from requesting unnecessary PII, and use your own infrastructure (SMTP, hosting) to align with your compliance obligations. We do not sell or share your data with third parties for marketing. Secure helpdesk software with privacy-first customer support and data ownership.

Rate Limiting & Abuse Protection

Public-facing widgets attract traffic — and sometimes abuse. OperatorOne includes built-in rate limiting and request controls to protect your support system from spam, bot abuse, and excessive automated traffic.

Each site can enforce conversation thresholds and usage limits aligned with your subscription plan. This helps prevent unexpected cost spikes while ensuring legitimate users receive reliable service.

Rate limiting also improves performance stability, ensuring your support widget remains responsive and predictable even during traffic surges.

SMTP & Email Routing

OperatorOne supports secure SMTP configuration so you can route ticket notifications and replies through your own email infrastructure. This allows you to maintain control over outgoing communications, apply your existing email security policies, and align with your organisation's domain authentication standards (SPF, DKIM, etc.).

You can configure notification preferences, department routing, and escalation emails directly within the dashboard. This ensures support communications remain consistent with your brand and internal processes.

By allowing you to use your own email provider, OperatorOne avoids forcing you into a proprietary mail system and gives you flexibility over how support communications are delivered.

Domain validation

Each widget site has an allowed-domains list. CORS headers restrict which origins can load the widget and call the API. Only domains you explicitly allow can embed the widget. This prevents unauthorised sites from using your support instance.

Shared hosting compatibility

OperatorOne runs on PHP and MySQL. No Node, Redis, or Docker required. Suitable for shared hosting (cPanel-style). Ensure your host supports PHP 7.4+ (or 8.1+ for the control site), PDO MySQL, and mod_rewrite. Config files should be outside the web root or protected by .htaccess.

No lock-in policy

Cancel your subscription anytime. Export conversations and settings before leaving. Standard APIs and data formats mean you are not tied to proprietary systems. Your support data stays in your database; the control site only manages billing and user accounts.

Data retention controls

Conversation and ticket data is retained according to your configuration. You can purge old conversations manually or via script. AI logs can be trimmed for compliance. We recommend defining a retention policy that fits your jurisdiction and audit requirements.