Glossary
Technical terms explained in plain language. No jargon, no fluff.
Security & Authentication
API Key
A secret password your app uses to prove it's allowed to talk to our system. Like a keycard for a building — without it, the door won't open. Never share it publicly.
Bearer Token
A temporary pass you include in every request so the server knows who you are. Think of it like showing your ID badge each time you walk through security.
OAuth
A way to let one app act on your behalf without giving it your password. Like letting a valet park your car — they get a special key, not your house keys.
JWT (JSON Web Token)
A small, signed package of information (like your user ID and role) that the server gives you when you log in. Each request sends it back so the server can verify you without checking a database every time.
RLS (Row-Level Security)
A database rule that makes sure each bank or institution can see only its own data. Even if a bug in the app runs a query it shouldn't, RLS blocks access to other tenants' rows.
Multi-Tenant
Multiple organisations share the same app, but each one's data is completely walled off from the others. Like apartments in a building — same structure, separate locks.
Tenant ID
A unique identifier for your organisation inside the platform. Every piece of data you create is tagged with this ID so the system knows it belongs to you.
CORS (Cross-Origin Resource Sharing)
A browser safety rule. Your website at example.com can't call another site's API unless that API says 'yes, I trust example.com.' We set this up so only your domains can use the widget.
HMAC
A way to sign a message so the receiver can prove it hasn't been tampered with. We use it to verify widget tokens — if someone changes the token, the signature breaks.
Webhook Secret
A shared secret between you and a service (like Twilio or Resend). When they send you a webhook, they sign it with this secret so you can verify the message really came from them.
PII (Personally Identifiable Information)
Any data that can identify a person — name, email, phone number, account number. The platform scrubs PII from AI responses to prevent accidental leaks.
AI & Intelligence
Token
A chunk of text the AI reads or writes. Roughly 1 token = 3/4 of a word. 'Hello world' is 2 tokens. We cap tokens per channel to control response length and cost.
Temperature
A setting that controls how creative or predictable AI responses are. Lower temperature = safer and more consistent replies. Higher temperature = more variety, but more risk of drifting from expected answers.
Rate Limit
A cap on how many requests you can make in a given time window. Like a speed limit — go too fast and you get a 429 error (slow down). Protects the system from overload.
RAG (Retrieval-Augmented Generation)
Instead of the AI making things up, it first searches your uploaded documents (knowledge base) for relevant info, then writes a response grounded in real facts. Think of it as the AI doing homework before answering.
Embedding
A way to turn text into a list of numbers that captures its meaning. Similar sentences get similar numbers, so the system can find relevant documents even if the exact words differ.
Vector Search
Searching by meaning instead of exact keywords. The system converts your question to numbers (an embedding), then finds documents with the closest numbers. That's how RAG finds relevant answers.
Chunking
Splitting a long document into smaller pieces (chunks) so the AI can process them. Each chunk is stored separately with its own embedding. The default is 512 tokens per chunk.
System Prompt
Hidden instructions given to the AI at the start of every conversation. It defines the AI's personality, rules, and what it should or shouldn't say. You never see it, but it shapes every response.
Streaming / SSE
Instead of waiting for the full response, the AI sends words as it generates them — like watching someone type in real time. SSE (Server-Sent Events) is the technology that makes this work in the browser.
Fallback Model
A backup AI model used if the primary one is unavailable or fails. Like having a generator when the power goes out.
Confidence Score
A number (0-1) indicating how sure the AI is about its answer. Low confidence may trigger escalation to a human agent.
Intent
What the customer is trying to do — check balance, report fraud, ask a question. The system classifies each message's intent to route it to the right specialist agent.
Escalation
When the AI can't handle a request (too complex, too sensitive, or the customer asks for a human), it hands the conversation to a real person. The handoff is called an escalation.
Channels & Messaging
Channel
A way customers reach you — WhatsApp, SMS, email, web widget, voice call, etc. Each channel has different capabilities and limits, but all flow through the same AI pipeline.
Channel Adapter
Code that translates between a specific channel's format and the platform's internal format. Like a power adapter — different plugs, same electricity.
Webhook
A URL on your server that another service calls when something happens. WhatsApp sends a webhook when a message arrives, Twilio sends one when a call connects. It's the internet's version of 'call me when you hear something.'
USSD
Those text-based menus you get when you dial *XXX# on your phone. No internet needed — works on any phone. Limited to 130 characters per screen and numeric input only.
IVR (Interactive Voice Response)
The automated phone system: 'Press 1 for balance, Press 2 for support.' Our voice channel uses AI instead of rigid menus — callers speak naturally and get intelligent responses.
TTS (Text-to-Speech)
Converting written text into spoken audio. The AI writes a response, then TTS reads it aloud over the phone. We use ElevenLabs or Google TTS for natural-sounding voices.
STT (Speech-to-Text)
Converting spoken audio into written text. When a caller speaks, STT transcribes it so the AI can understand and respond. We use Deepgram for fast, accurate transcription.
TwiML
Twilio Markup Language — XML instructions that tell Twilio what to do during a call. 'Say this,' 'Play that audio,' 'Gather user input.' It's the script for your phone bot.
E.164 Format
The international phone number format: +[country code][number]. Example: +254712345678 (Kenya). Always starts with + followed by digits only. Required by Twilio and Africa's Talking.
Widget Token
A signed token embedded in your website's chat widget. It proves the widget belongs to your account without exposing your API key. Rotated regularly for security.
Data & Storage
Knowledge Base
Your uploaded documents, PDFs, and website pages that the AI uses as reference material. When a customer asks a question, the AI searches here first before answering.
pgvector
A PostgreSQL extension that lets the database store and search embeddings (lists of numbers). It powers the RAG system's ability to find relevant documents by meaning.
HNSW Index
A fast search method for finding similar embeddings. Instead of checking every document, it navigates a graph structure to find the closest matches in milliseconds.
Session
A single conversation thread between a customer and the AI. Each session has a unique ID and tracks all messages exchanged until the conversation is closed.
Brand Color
Your primary product color used across the widget, dashboard accents, and key UI elements. Keeping it consistent helps users instantly recognize your institution's identity.
Limits & Error Codes
Max Tokens per Channel
Each channel has a cap on how long AI responses can be. Voice: 150 tokens (short, spoken), SMS: 140 tokens (one text), USSD: 130 tokens, WhatsApp: 500 tokens, Widget/Email: 1000 tokens.
429 Error (Too Many Requests)
You've hit the rate limit — too many requests in a short time. Wait a moment and try again. The response header usually tells you how long to wait.
401 Error (Unauthorized)
Your API key is missing, expired, or wrong. Double-check your Authorization header and make sure the key is valid.
403 Error (Forbidden)
You're authenticated but don't have permission for this action. Usually means your role (agent, viewer) lacks the required access level.
502 Error (Bad Gateway)
An external service (AI provider, email service, etc.) is down or returned a bad response. Not your fault — usually resolves on its own. Retry after a few seconds.