Domains & security
Seny enforces an origin allowlist on every voice connection so nobody can embed your widget on a site you don't control and burn through your credits.
Adding allowed domains
Open the Domains tab on any widget and add the domains where you want the widget to work. Subdomains are automatically included, so adding example.com also permits www.example.com and app.example.com.
If the list is empty, the widget accepts connections from anywhere — fine for testing but not what you want in production.
How the allowlist is enforced
- The embedded script opens a WebSocket to Seny's voice broker with an Origin header set by the browser.
- The broker extracts the hostname from Origin and checks it against the widget's allowlist.
- If the host matches one of your entries (or a subdomain of one), the session is allowed to start. Otherwise the connection closes with code 1008 and an "origin not allowed" message in the browser console.
Development origins
A few hosts are always permitted so you can test without touching the allowlist:
- localhost, 127.0.0.1
- *.ngrok.app, *.ngrok-free.app, *.ngrok-free.dev
- *.vercel.app
- CodePen, JSFiddle, StackBlitz, CodeSandbox preview iframes
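The check described under "How the allowlist is enforced" and "Development origins", sketched as an added example (not Seny's broker code; the function and constant names are hypothetical). It assumes the wildcard development entries match subdomains only, and it omits the CodePen, JSFiddle, StackBlitz and CodeSandbox preview hosts because the page does not list their hostnames.

```javascript
// Added illustration; not Seny's broker code. All names are hypothetical.
const DEV_HOSTS = ["localhost", "127.0.0.1"];
const DEV_SUFFIXES = ["ngrok.app", "ngrok-free.app", "ngrok-free.dev", "vercel.app"];

// True when host equals entry or is a subdomain of it. The leading dot makes
// this a label-boundary match, so "evilexample.com" does not match "example.com".
function hostMatches(host, entry) {
  return host === entry || host.endsWith("." + entry);
}

// Decide whether a WebSocket upgrade with this Origin header may start a session.
function checkOrigin(originHeader, allowlist) {
  const ok = { allowed: true, closeCode: null, reason: null };
  const deny = { allowed: false, closeCode: 1008, reason: "origin not allowed" };
  if (allowlist.length === 0) return ok; // empty list: accept from anywhere
  let host;
  try {
    // URL parsing lowercases the host and drops scheme, port and path.
    host = new URL(originHeader).hostname;
  } catch {
    return deny; // missing or unparseable Origin, e.g. the literal "null"
  }
  if (!host) return deny;
  if (DEV_HOSTS.includes(host)) return ok;
  // Assumption: *.ngrok.app style entries cover subdomains, not the apex.
  if (DEV_SUFFIXES.some((s) => host.endsWith("." + s))) return ok;
  const entries = allowlist.map((e) => e.trim().toLowerCase());
  return entries.some((e) => hostMatches(host, e)) ? ok : deny;
}

// Constructed sample origins, checked against a one-entry allowlist.
for (const o of ["https://app.example.com", "https://evilexample.com", "null"]) {
  console.log(o, checkOrigin(o, ["example.com"]).allowed);
}
```

Comparing parsed hostnames on a dot boundary, rather than substring-matching the raw header, is what keeps look-alike hosts such as example.com.evil.test from passing.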
Credit isolation
Every conversation debits credits from the organization that owns the widget, not from a shared pool. If an abusive page bypasses your allowlist somehow, the blast radius is one widget.
Rate limits
Seny applies per-plan concurrency caps so a runaway site can't saturate your quota:
- Starter — 10 concurrent conversations
- Growth — 50 concurrent
- Scale — 500 concurrent
- Enterprise — custom
When the cap is hit, new connections are rejected with WebSocket code 1013 (try again later). The widget retries automatically with exponential backoff.
Data privacy
Voice audio is never stored. Transcripts and tool calls are persisted for analytics (you control retention in the dashboard). Nothing personally identifiable is shared across organizations.