Why SUPERWISE Chat is safe to use at work
Why SUPERWISE Chat is safe to use at work
Section titled “Why SUPERWISE Chat is safe to use at work”Most people have the same quiet worry the first time they paste real work into an AI chat: Where does this go? Who can see it? Is it learning from my data? Will I get in trouble?
Those are fair questions, and you deserve straight answers. This page gives them. The short version: SUPERWISE Chat was built to be the AI assistant your company can actually approve — your work stays inside your organization, only the right people can see it, sensitive content is reviewed before and after the AI responds, and every action that matters leaves a record that can’t quietly be erased.
The rest of this page explains how that works, because trust you can verify is better than trust you’re asked to take on faith.
The one-sentence answer
Section titled “The one-sentence answer”SUPERWISE Chat keeps your company’s data inside your company, shows each person only what their role allows, checks risky content before and after the AI responds, and keeps a tamper-resistant record of who did what.
Everything below unpacks one of those four promises.
1. Your data stays inside your company
Section titled “1. Your data stays inside your company”When you work in Chat, you’re working inside your organization’s own private space — your workspace. Your conversations, the documents your team has added, your notes, and the context the assistant builds up about your work all belong to your organization and stay within your organization’s boundary.
Picture your company’s own locked building. Other companies that use SUPERWISE Chat are in entirely separate buildings — there’s no shared lobby where conversations from different companies mingle. Every single time Chat looks something up — a past conversation, a document, a usage record — it first checks that the data belongs to your workspace. This isn’t a courtesy filter bolted on at the end; the check is wired into every read and every write the system performs, and an automated test suite deliberately tries to reach across the boundary on every build to confirm it can’t.
There is exactly one controlled exception, and it exists for support, not snooping: a platform-level administrator can be granted a temporary session that reaches across workspaces to help. It expires automatically after four hours, every use is recorded, and it can be revoked early. It’s the digital equivalent of a facilities manager being issued a badge that stops working at the end of the day — and the log always shows it was used.
For how that wall between organizations is built and verified, see How your data stays isolated.
2. Only the right people see the right things
Section titled “2. Only the right people see the right things”Inside your workspace, not everyone has the same access — and that’s deliberate. Chat uses a role-based model, so what each person can see and do matches their job rather than being all-or-nothing.
- A regular member can chat, create and share conversations, organize their work, and build up the assistant’s memory of their projects.
- A project owner or manager can manage a shared project’s knowledge and settings.
- A compliance or security reviewer can be given a read-only oversight role: they can review what happened and export records for an audit, but they cannot change anyone’s work, post as someone else, or alter settings. Oversight without interference.
- An administrator manages people, integrations, and organization-wide settings.
Roles build on one another in a deliberate ladder — higher roles include the abilities of the ones below them, but they never accidentally pick up powers they weren’t meant to have. (Two roles can sit at the same level yet have entirely different jobs; one being “as senior as” another doesn’t mean it inherits the other’s reach.) That design produces a few guarantees worth spelling out:
| Your worry | How the role model handles it |
|---|---|
| ”Can someone quietly promote themselves to admin?” | No. A person can only assign roles below their own level, and only administrators can hand out top-level roles at all. The core role definitions can’t be altered while the system is running. |
| ”Will a teammate stumble into something they shouldn’t?” | No. Every protected action is checked against that person’s permissions first; if they lack it, the action is simply refused. |
| ”Can a reviewer who audits us also change our data?” | No. The compliance oversight role is read-only by design. |
This is also why IT and security teams tend to relax once they see how Chat is set up: access maps cleanly onto roles, and the genuinely risky combinations — like being able to audit and being able to alter — are kept apart on purpose. The principle is separation of duties: the people who review are deliberately not the people who change, and no group can quietly expand its own access.
3. Risky content is reviewed — before and after
Section titled “3. Risky content is reviewed — before and after”You may occasionally notice that Chat reviews a message for safety. That’s not the system being difficult; it’s the system doing exactly what your organization would want.
As Chat works on your message, it applies a safety review at several key moments, using the policies your organization has configured:
- When you send a message — your input can be screened for clearly inappropriate or manipulative content before any real work begins.
- As the assistant gathers supporting information — sensitive or confidential material can be filtered out before it’s ever used in an answer.
- Just before the AI is asked to respond — the full request is checked against your policies.
- Before the answer reaches you — the response itself is reviewed.
If something is held back, Chat tells you plainly — for example, that your message was reviewed for safety compliance before processing — rather than failing silently. You’re never left guessing about what happened.
These reviews are designed around a sensible rule of thumb. At the earliest stages — checking your raw input, screening gathered material — a momentary hiccup in the safety service won’t block your legitimate work from continuing. But at the most sensitive stages — just before the AI is asked to respond, and before the answer reaches you — the system errs firmly toward caution: if it can’t confirm the content was reviewed, it holds back rather than risk letting an ungoverned answer through. Caution is applied exactly where it matters most.
4. A clear, lasting record
Section titled “4. A clear, lasting record”Trust isn’t only about prevention — it’s about being able to look back and know what happened. Chat keeps durable records of the actions that matter:
- Who was granted or removed access, and when.
- What safety reviews occurred as messages were processed.
- What settings were changed.
- What you consented to — and any time you changed your mind.
Crucially, these records are built to resist tampering. Settings-change history, for example, is append-only: it can be added to, but not edited or erased — not even by an administrator. So if your company is ever asked “show us what actually happened,” the answer is honest by construction rather than by promise.
5. You control your own data and consent
Section titled “5. You control your own data and consent”Some of what Chat does is essential to giving you an answer at all; the rest is optional and entirely your call.
- Essential processing — handling your message so the AI can reply, and the safety review itself — is part of the core service. It can’t be switched off, because without it there’s no product, and Chat is upfront that this is the case.
- Optional processing — like letting the assistant build up memory about your work, or indexing your documents so they’re searchable — is yours to grant or revoke whenever you choose.
Chat also publishes a plain-language catalog of what it does with data and why, with no auth required to read it. For the optional things, you’re always asked; for everything, you’re always told.
The whole trust story, in one picture
Section titled “The whole trust story, in one picture”It helps to see your message as a short, supervised round trip rather than a one-way send into the unknown:
You type a message │ ▼ Safety review of your input ──► clear notice if anything is held back │ ▼ Chat finds answers using YOUR organization's knowledge (and the public web only if you opted in — itself reviewed) │ ▼ Safety review of the request, then of the answer │ ▼ The answer comes back to you │ ▼ A tamper-resistant record is kept of what mattered, readable only by logged, role-gated oversightAt no point does your message leave your organization’s workspace for a public AI, and at no point is a colleague casually reading along.
Putting it together
Section titled “Putting it together”Your work lives in your company’s private space. Inside it, roles decide who can see and do what. Sensitive content gets a safety review on the way in and the way out, according to your company’s policies. Every important action leaves a record that can’t quietly be erased. And the optional stuff is your choice.
That combination — private by default, governed by role, reviewed for safety, and honestly recorded — is what makes SUPERWISE Chat something your organization can confidently approve, and something you can use for real work without second-guessing.
Governance here isn’t control for its own sake. It’s the set of guarantees that let you stop worrying and get on with your work.
Keep reading
Section titled “Keep reading”- Your privacy — what’s collected, why, and how to manage your consent.
- What not to share — practical guidance on sensible inputs.
- Why it said no — understanding refusals and safety holds.
- How Chat is different from other chatbots — why a work-grade assistant is built differently from a consumer one.
- How your data stays isolated — the wall between organizations, in more depth.