Embedding chat as a first-party script on the host page is convenient — and risky. Anything on the page can read the DOM, hook network calls, or skim message text.
Lavenity keeps the conversation UI on our origin inside an iframe. Your site’s scripts never get a handle on message contents, and a compromised theme or third-party tag cannot quietly exfiltrate the thread.
The parent page only loads a tiny bootstrap script that opens the frame and passes the site ID. Cross-origin boundaries do the hard isolation work that same-page widgets cannot.
On top of that we sign visitor tokens so history cannot be forged, restrict the widget to allowlisted domains, apply a strict Content Security Policy, and rate-limit abusive traffic before it reaches your inbox.
If you run a security review, start with the iframe boundary, token signing, and domain allowlist — those are the controls that matter most for a chat embed.
For personal-data questions, see our Privacy Policy. For the operational checklist, open the Security page.