Affinity Design
User Guide

Data & Privacy

How your data is accessed, stored, and protected on the Affinity Design platform

Data Access

Who Can See Your Data

RoleAccess Level
YouFull access to your portal data — calls, billing, websites, assets, Command sessions
Other User/Client accountsNo access — strict isolation
Affinity Design (platform)System-level access for infrastructure and reliability only

How Command Accesses Your Data

Command reads your data through scoped resource endpoints — it does not have unrestricted database access:

ResourceWhat Command Sees
billing://overviewInvoices, plan, balance — only your account
reports://latestYour most recent monthly report
reports://listAll your monthly reports
seo://overviewSearch data for your website only
website://listYour website and connection status
knowledge://doc/*Knowledge Base docs for your account
WordPress toolsContent on your connected WordPress site
Social media toolsYour scheduled and published posts

Command never displays raw API keys, tokens, or credentials — even when it uses them to perform actions.

Account Isolation

The platform enforces strict isolation between accounts:

  • Your data is scoped to your accountId
  • Command sessions are bound to your account
  • Assets, knowledge docs, and billing are all scoped to your account only
  • Portal API endpoints authenticate and filter by your account identity
  • No cross-account data leakage is possible through the portal or Command

Command Session Data

What's Stored

  • Session metadata (title, status, creation date)
  • All messages — your inputs and Command's responses
  • Tool calls and results (what actions Command took)
  • Confirmation requests and your approvals/denials
  • File attachments (referenced, stored in your Asset Library)

Who Can See Sessions

  • You — all your sessions
  • No one else — sessions are not shared with other accounts

Session Retention

  • Active sessions persist until you archive them
  • Archived sessions are retained per the platform's standard data retention policy for your plan
  • You can request deletion of specific sessions through Support

Knowledge Base Privacy

  • Documents you create are stored in your account-scoped database
  • Command reads knowledge docs before acting — they are not sent to other accounts
  • Read-only starter templates (if provided by Affinity Design) can't be edited directly, but can be duplicated into an editable copy

AI Model & Training

QuestionAnswer
Is my data used to train AI models?No. Your data is not used for model training.
Does Command learn from my sessions?Command uses your session context within the same conversation only. It does not persist "learnings" across sessions.
Are my prompts sent to third parties?Prompts are sent to Google's Gemini API for processing. Google's data handling terms apply.

Data Retention

Data TypeRetention
Call recordingsPer your plan's standard retention policy
Command sessionsUntil you archive them, then per platform policy
Billing recordsPer financial record requirements
AssetsUntil you delete them
Knowledge Base docsUntil you delete them

Security Measures

  • Authentication — All portal access requires authentication
  • Encryption — Data in transit is encrypted (TLS)
  • Authorization — API endpoints verify account identity on every request
  • Feature gating — Portal features can be enabled or disabled per your plan
  • Confirmation flow — Sensitive Command actions require your explicit approval
  • No credential exposure — API keys and tokens are never displayed in the portal or Command responses

Your Rights

  • View your data — Access your portal and Command sessions at any time
  • Request deletion — Ask Support to delete specific data
  • Export data — Download invoices, reports, and call history
  • Disable features — Turn off specific portal sections yourself in Settings → Features
  • Report concerns — Contact Support about any data privacy issue

For specific data privacy questions not covered here, contact Support. They can provide details about data processing and compliance certifications.

On this page