The unit of separation: your organization
When you sign up, you get an organization — your private workspace. Everything you create lives inside it: your agents, knowledge bases, conversations, CRM contacts, billing, and team. Your organization is the boundary. Every piece of data you create is tagged to your organization, and the platform scopes every request to the organization of the signed-in user. One organization’s users cannot read, search, or retrieve another organization’s data. Two businesses using A2V2.ai are, in practice, working in separate rooms — they share the same building, never the same room. This is what “multi-tenant” means: many customers run on shared infrastructure, but each customer’s data is logically separated and only ever served back to that customer.Each agent is isolated too
Isolation doesn’t stop at the organization. Within your organization, each agent has its own private knowledge. When you train an agent on a document, that content is indexed into a search space dedicated to that agent. A different agent in the same organization can’t retrieve it. This is why:- Training one agent on a document does not make it available to your other agents.
- A public-facing support agent and an internal HR agent can live in the same organization without ever crossing knowledge.
- Deleting a source from one agent doesn’t affect any other agent.
If you want two agents to share knowledge, add the source to each of them. There’s
no shared pool — separation is the default, by design.
The people who use your agent are separated from the people who build it
There are two very different kinds of “users” on the platform, and they have completely separate access:- Your team signs in to the dashboard to build, train, and manage agents. Their access is governed by roles — Owner, Admin, and User — so you decide who can touch billing, who can manage content, and who only has limited access.
- Visitors who chat with your embedded agent are end-users on your website. When an agent is restricted, visitors sign in with their own separate login. That login lets them talk to the agent and see their own conversation — it does not grant any access to your dashboard, your other agents, or anyone else’s chats.
How you sign in
Account access is protected by design:- You sign in with a one-time passcode sent to your email, or with Google. There’s no reusable password to leak or reuse.
- Passcodes are short-lived and single-use.
- Signing out ends your session — access is tied to an active session, not a permanent key.
HIPAA-eligible models
If you work with health-related information, model choice matters. In the model selector on the Sandbox, some models carry a HIPAA badge. That badge marks models that are eligible for use in HIPAA-regulated workflows; models without it are not marked for that use. See Choosing a model for how the HIPAA and Premium badges factor into model selection.Where your data lives
At a high level:- Your content — the files, URLs, and Q&A you train agents on — is stored securely in the cloud and used to answer questions for your agents only.
- Your conversations and contacts are stored in your organization and visible only to your team, according to their roles.
- You stay in control. You can delete sources, conversations, and contacts. When you remove a source, it stops being used in answers.
A2V2.ai uses leading AI providers to generate answers and embeddings. Which provider
is used depends on the model you choose for each agent.
For specifics about data handling and any agreements relevant to your industry,
reach out to support@a2v2.ai.
What this means for you
- You can safely run multiple agents — public and internal — from one organization without their knowledge mixing.
- Use roles deliberately. The strongest control you manage day to day is who’s on your team and what role they hold. Review members and roles periodically.
- Restrict sensitive agents. If an agent shouldn’t be open to the public, use visibility and access controls so only authenticated visitors can reach it.
- Ask when in doubt. For compliance questions specific to your industry, support@a2v2.ai is the right starting point — this page explains how isolation works, not what your regulatory obligations are.
Related
Members & roles
Control who on your team can do what.
Agent visibility & access
Make an agent public, restricted, or paid.
API keys
Scoped, per-agent programmatic access.
How RAG works
How agents answer only from your content.