Security & AI Safety
Dazz Tech builds production AI systems for real businesses. This page explains how we approach data security, AI reliability, and human oversight in the systems we design and deliver.
Your data stays controlled
All API keys, database credentials, and service secrets are stored in server-side environment variables. They are never embedded in client-side JavaScript bundles, public repositories, or browser-accessible code.
Data stored in client systems we build is scoped to what that system genuinely needs. We use row-level security (RLS) to ensure that database access is controlled at the record level — not just at the application layer. We do not access, process, or store client data beyond what is required to deliver and maintain the agreed system.
We do not sell, share with advertisers, or use client data to train public AI models.
Designed to be reliable, not just capable
We do not claim that AI systems are infallible. Every production system we build includes deliberate constraints:
- RAG systems answer from approved sources only. Knowledge retrieval assistants are sandboxed to the document set you provide. They cannot browse the open internet or pull from unapproved sources. When no relevant content is found, the system says so — it does not fabricate an answer.
- Outputs are grounded and cited. Where possible, AI responses include a reference to the source document and section. This allows humans to verify answers rather than accept them blindly.
- Confidence thresholds and fallbacks. AI agent logic includes fallback paths for low-confidence cases. Rather than guessing, the system routes to a human or surfaces a safe default response.
- Input validation. All user-submitted inputs are validated server-side before processing. We apply schema validation and input length limits to prevent prompt injection and unexpected behavior.
People remain in control
AI handles the repeatable work. Humans keep control over what matters. In every system we build, high-impact actions are gated behind human approval:
- Publishing content to a live website
- Confirming appointments, bookings, or reservations
- Advancing deals or updating CRM pipeline stages
- Sending communications to customers on behalf of the business
- Making changes to financial records or inventory
The AI proposes or prepares; your team reviews and decides. This is not a limitation — it is the architecture.
Systems that stay reliable after launch
Production systems degrade over time if left unmonitored — especially AI pipelines that depend on third-party APIs, language model providers, and vector databases.
Systems delivered by Dazz Tech include server-side logging for errors, webhook failures, and unexpected states. On retainer engagements, we actively monitor system health, API cost limits, and failure rates — and address issues before they affect your users.
What we do not automate blindly
There are categories of action we will not automate without explicit human approval in the loop — regardless of technical feasibility:
- Autonomous outbound messaging or cold outreach at scale
- Financial transactions or payment processing
- Deletion of business-critical records
- Medical, legal, or financial advice delivered as fact
- Impersonation of a named human employee
- Fully autonomous deployment of content to live channels without review
If a project scope requires something in this category, we will discuss the risks openly and either design a safe review workflow or advise against automation entirely.
Questions about how we build
If you have questions about how a specific system would handle your data or implement AI safely, we are happy to discuss it before you commit to anything. Reach us at hello@dazztech.lk.