Affinity Design
Client Guide

Data & Privacy

How your data is accessed, stored, and protected on the Affinity Design platform

Data Access

Who Can See Your Data

RoleAccess Level
YouFull access to your portal data — calls, billing, websites, assets, Command sessions
Your agency (admin)Full access to your account, including Command session history
Other clientsNo access — strict client isolation
Affinity Design (platform)System-level access for infrastructure and reliability only

How Command Accesses Your Data

Command reads your data through scoped resource endpoints — it does not have unrestricted database access:

ResourceWhat Command Sees
billing://overviewInvoices, contract, balance — only your account
reports://latestYour most recent monthly report
reports://listAll your monthly reports
seo://overviewSearch data for your websites only
website://listYour websites and connection status
knowledge://doc/*Knowledge Base docs for your account
WordPress toolsContent on your connected WordPress sites
Social media toolsYour scheduled and published posts

Command never displays raw API keys, tokens, or credentials — even when it uses them to perform actions.

Client Isolation

The platform enforces strict isolation between client accounts:

  • Each client's data is scoped to their clientId
  • Command sessions are bound to your client account
  • Assets, knowledge docs, and billing are all client-scoped
  • Portal API endpoints authenticate and filter by your client identity
  • No cross-client data leakage is possible through the portal or Command

Command Session Data

What's Stored

  • Session metadata (title, status, creation date)
  • All messages — your inputs and Command's responses
  • Tool calls and results (what actions Command took)
  • Confirmation requests and your approvals/denials
  • File attachments (referenced, stored in your Asset Library)

Who Can See Sessions

  • You — all your sessions
  • Your agency admins — all sessions for clients they manage
  • No one else — sessions are not shared between clients

Session Retention

  • Active sessions persist until you archive them
  • Archived sessions are retained per your agency's data retention policy
  • You can request deletion of specific sessions through your agency

Knowledge Base Privacy

  • Documents you create are stored in your client-scoped database
  • Your agency can also create documents in your Knowledge Base
  • Command reads knowledge docs before acting — they are not sent to other clients
  • Read-only documents are agency-managed and cannot be modified by you

AI Model & Training

QuestionAnswer
Is my data used to train AI models?No. Your data is not used for model training.
Does Command learn from my sessions?Command uses your session context within the same conversation only. It does not persist "learnings" across sessions.
Are my prompts sent to third parties?Prompts are sent to Google's Gemini API for processing. Google's data handling terms apply. Your agency can configure an AI gateway for additional control.

Data Retention

Data TypeRetention
Call recordingsPer your agency's retention policy
Command sessionsUntil you archive them, then per agency policy
Billing recordsPer financial record requirements
AssetsUntil you or your agency delete them
Knowledge Base docsUntil you or your agency delete them

Security Measures

  • Authentication — All portal access requires authentication
  • Encryption — Data in transit is encrypted (TLS)
  • Authorization — API endpoints verify client identity on every request
  • Feature gating — Portal features can be disabled per-client by your agency
  • Confirmation flow — Sensitive Command actions require your explicit approval
  • No credential exposure — API keys and tokens are never displayed in the portal or Command responses

Your Rights

  • View your data — Access your portal and Command sessions at any time
  • Request deletion — Ask your agency to delete specific data
  • Export data — Download invoices, reports, and call history
  • Disable features — Ask your agency to turn off specific portal sections
  • Report concerns — Contact your agency about any data privacy issue

For specific data privacy questions not covered here, contact your agency. They can provide details about their data processing agreements and compliance certifications.

On this page