Security, Privacy & Trust in the "Stella" Support Chatbot
Stella is a support chatbot used by The Gear Foundation to help children and parents with special needs get quick, reliable information.
Because we work with vulnerable families, we designed Stella with safety, privacy, and data minimization front and center. This document explains, in plain language, how the system works and how we protect conversations.
High-Level Architecture
Stella is built from a small set of well-understood components:
Web chat & conversation logic – Voiceflow
- The chat bubble on the website and the "brain" that manages the conversation flows.
- Handles what Stella says next, when to ask follow-up questions, and when to call other services.
Internal knowledge base – Google Drive → n8n → Voiceflow
- The Gear Foundation keeps its official documents (FAQs, guides, policy documents, etc.) in a specific Google Drive folder.
- An automation tool called n8n watches this folder and updates Voiceflow's knowledge base API when documents are added or changed.
- This means Stella's "built-in knowledge" always comes from approved, internal documentation.
External research – Perplexity Sonar API
- When internal documents are not enough to answer a question, Stella can call the Perplexity Sonar API, an AI-powered answer engine that searches and cites the public web.
- In practice, many questions will use this step, so Perplexity is treated as a core vendor in our security and privacy model.
Transcripts & reporting – self-hosted n8n + NocoDB
- Conversation transcripts are automatically generated inside Voiceflow.
- A separate n8n workflow regularly pulls those transcripts via API into a self-hosted NocoDB database, where The Gear Foundation can review conversations, monitor quality, and generate reports.
- This gives the nonprofit direct ownership of long-term conversation data.
Where Your Data Goes (and Doesn't Go)
When a parent or young person chats with Stella:
Message enters Voiceflow
The message is sent over an encrypted connection (HTTPS/TLS) to Voiceflow's servers, where the conversation logic runs.
Stella checks internal knowledge first
Voiceflow passes the question into its knowledge base, which has been populated from The Gear Foundation's Google Drive via n8n. If the answer can be fully handled from these documents, it is answered without leaving Voiceflow's environment.
If needed, Stella calls Perplexity Sonar
If internal content isn't sufficient, Stella sends a minimal version of the question to the Perplexity Sonar API.
The Sonar API:
- Processes the request
- Returns an answer and links to its sources
- Does not keep or reuse the prompt or answer content
Transcripts are stored in two places
- Voiceflow generates the conversation transcript available through their API layer.
- n8n exports those transcripts into a self-hosted NocoDB database, where The Gear Foundation controls access and retention.
We design prompts and workflows so that unnecessary personal details are not required for Stella to be helpful, especially around medical or educational information.
Our Vendors' Security & Compliance
Voiceflow
Chat interface & conversation engine
Voiceflow provides the platform that powers Stella's chat logic and internal knowledge search. For all data stored on its platform (including transcripts and knowledge base content), Voiceflow:
Perplexity Sonar API
External research engine
Stella uses Perplexity's Sonar API when it needs to research the public web. For this API, Perplexity documents that:
Zero Data Retention Policy for the Sonar API:
- Prompts and responses sent via the API are not retained
- Prompts and responses are never used to train or fine-tune Perplexity's models
In other words: when Stella calls the Sonar API, the content of that request is used once to generate an answer and then discarded by Perplexity. Perplexity may keep minimal usage metadata (for example, token counts and timestamps) for billing and abuse-prevention, but not the transcript content.
Transcripts, Storage & Retention
We deliberately separate live chat processing from long-term storage:
1 Voiceflow transcripts
- For the website chat widget, Voiceflow automatically saves transcripts for each conversation.
- These are stored in Voiceflow's secure, SOC 2 / ISO-certified environment and are accessible only to authorized project admins.
2 Self-hosted NocoDB
A self-hosted n8n workflow regularly pulls transcripts from Voiceflow's API and writes them to a self-hosted NocoDB database. This database powers:
- Conversation review and quality improvement
- Tracking common questions
- Reporting back to stakeholders (boards, funders, etc.)
3 Retention & deletion controls
Because transcripts are also stored in NocoDB, we can configure a retention policy that matches the nonprofit's comfort level—for example:
- Delete transcripts from Voiceflow after a defined number of days or months, once safely copied
- Retain or anonymize transcripts in NocoDB for research, training, or reporting
If a parent or guardian requests that a particular conversation be deleted, we can locate it in NocoDB and Voiceflow, and remove or anonymize it across both systems.
This gives the nonprofit practical control over how long conversation data exists and who can see it.
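As an added example (not the project's own code), the retention run described above and the "minimal version of the question" sent to Sonar from the data-flow section, in Python with constructed sample data: a redactor that strips direct identifiers before text leaves the trusted boundary, a retention planner that only schedules deletion from Voiceflow once NocoDB holds a hash-verified copy, and a guardian deletion request applied across both stores. The record layouts, field names and regex patterns are assumptions.

```python
import hashlib
import re

# Direct identifiers Stella should not need. Constructed, illustrative patterns only.
PII_PATTERNS = [
    (re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"), "[email]"),
    (re.compile(r"\+?\d[\d\s().-]{7,}\d"), "[phone]"),
    (re.compile(r"\b(called|named)\s+[A-Z][a-z]+"), r"\1 [name]"),
]

def minimize(text: str) -> str:
    """Redact direct identifiers before a question goes to Sonar, and when a
    stored transcript is anonymized instead of deleted."""
    for pattern, replacement in PII_PATTERNS:
        text = pattern.sub(replacement, text)
    return text

def content_hash(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def retention_plan(source, mirror, now, delete_source_after=30 * 86400):
    """Plan one run. `source`: Voiceflow transcripts {id, created_at (epoch s), text};
    `mirror`: NocoDB rows keyed by id, holding the hash of the text as copied.
    A source copy is deleted only once the mirror holds a hash-verified copy."""
    plan = []
    for t in source:
        m = mirror.get(t["id"])
        if m is None or m["text_hash"] != content_hash(t["text"]):
            plan.append((t["id"], "copy_to_nocodb"))  # not safely copied yet
        elif now - t["created_at"] >= delete_source_after:
            plan.append((t["id"], "delete_from_voiceflow"))  # copied and past the window
        else:
            plan.append((t["id"], "keep"))
    return plan

def honor_guardian_request(transcript_id, source, mirror, anonymize=True):
    """Apply a parent/guardian request to one conversation across both stores."""
    done = []
    if any(t["id"] == transcript_id for t in source):
        source[:] = [t for t in source if t["id"] != transcript_id]
        done.append("deleted_from_voiceflow")
    if transcript_id in mirror and anonymize:
        mirror[transcript_id]["text"] = minimize(mirror[transcript_id]["text"])
        done.append("anonymized_in_nocodb")
    elif transcript_id in mirror:
        del mirror[transcript_id]
        done.append("deleted_from_nocodb")
    return done
```

The hash check matters because a transcript that was exported but truncated or altered in transit would otherwise be deleted from the only complete copy.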
Protecting Children, Parents & Special Needs Information
Because Stella serves children and families with special needs, we take extra steps beyond standard SaaS security:
Data minimization
- Stella is designed not to ask for full names, addresses, or detailed medical histories unless absolutely necessary.
- When possible, questions are phrased in general terms ("my child" vs. full identity).
Not a replacement for professional care
- Stella is not a doctor, therapist, or lawyer.
- For clinical or crisis situations, Stella provides general information only and encourages follow-up with professionals.
Clear escalation paths
Where Stella cannot safely or appropriately answer a sensitive question, it will encourage contact with a human or recommended service.
Parental control & access
The Gear Foundation can establish processes so that parents/guardians can request deletion/anonymization of particular logs.
In short: the system is set up so technology supports families, but does not quietly accumulate more sensitive data than is needed.
Summary – Key Assurances for Our Partner
- Stella's core knowledge comes from The Gear Foundation's own, vetted documents via a controlled Google Drive → n8n → Voiceflow knowledge base pipeline.
- Voiceflow provides the chat engine and stores knowledge and transcripts in a SOC 2 Type I– and ISO 27001–certified, GDPR-aligned environment with encryption in transit and at rest.
- Perplexity Sonar API is used for web research and operates under a documented Zero Data Retention Policy for prompts and responses, with no use of API data for model training, on top of SOC 2 Type II–level controls.
- Conversation transcripts are mirrored into a self-hosted NocoDB database via n8n, giving The Gear Foundation direct ownership and control over long-term data.
- We apply data minimization, clear retention policies, and parent/guardian control to respect the sensitivity of conversations about children and special needs.
Version 2 Upgrade: ElevenLabs Conversational Agents & Voice
We are currently developing a Version 2 of Stella that will migrate from the existing chat engine to ElevenLabs Conversational Agents. This upgrade is focused on improving accessibility (natural voice) and reliability, while preserving the same core security principles.
Key changes in V2:
Conversation engine migration
The current chat runtime (Voiceflow) will be replaced by ElevenLabs Agents, which will handle conversation logic (what Stella says next, tool calls, etc.) and both text chat and voice interactions in a single agent.
Voice-first accessibility
Stella will be able to accept spoken questions (speech-to-text) and respond with natural-sounding speech (text-to-speech). This is designed to better support:
- Parents who prefer listening over reading
- Children and users with reading or motor challenges
Data flow shift
- User inputs (text or audio) will be processed by ElevenLabs instead of Voiceflow
- Internal knowledge will still come from The Gear Foundation's documents, synced via Google Drive → n8n → agent retrieval tools
- External research will still go through the Perplexity Sonar API with its zero-retention policy
- Conversation records will still be exported into our self-hosted NocoDB via n8n
ElevenLabs Security & Compliance
Platform for agents and voice
Retention, data residency, and training controls
ElevenLabs allows us to configure per-agent retention periods and enable Zero Retention Mode for sensitive flows. Our plan is to configure these options so that:
- Only the minimum necessary data is logged
- Retention windows match The Gear Foundation's policies
- Long-term storage remains under our control in self-hosted NocoDB
What stays the same
- Stella's mission: supporting children and parents with special needs in a safe, respectful way
- Internal knowledge pipeline: Google Drive → n8n → searchable knowledge base
- External research layer: Perplexity Sonar API with zero-retention for prompts/responses
- Long-term data ownership: transcripts and reporting still live in a self-hosted database under The Gear Foundation's control
- Data minimization and parental control: we will continue to avoid unnecessary personal details and honor deletion/anonymization requests from parents or guardians