Admin Login Get started
Privacy-first · Self-Hosted · Adapter-based

Chatbots for websites — multi-tenant & trustworthy

Build your own chatbots backed by your knowledge base. Per-tenant isolation through PostgreSQL Row-Level Security. LLM provider is swappable — from OpenAI to a local model. MVP runs on GPT-5.4 mini.

Open the admin Try the widget
OIDC login· RLS per tenant· SSE streaming· Quotas
TrustChat ChatBotAdmin — Dashboard mit Bots, Konversationen, Token-Usage und Bot-Detailpanel
Features

Privacy by default. Costs under control.

Security and cost controls aren't a later optimisation — they are core to the MVP.

Private by default

PostgreSQL Row-Level Security. FORCE ROW LEVEL SECURITY. SET LOCAL app.tenant_id per transaction.

Self-hosted

Spring Boot · PostgreSQL · Keycloak · Nginx. Containers on Linux. No SaaS lock-in.

Model adapters

LLM access only through a port. OpenAI today. Anthropic, Azure, Ollama, KIPITZ tomorrow — same code.

RAG & knowledge base

Markdown · TXT · PDF. Embeddings in pgvector. Retrieval is always filtered by tenant_id and bot_id.

Quotas

Daily and monthly limits per tenant. Token and message tracking. Overflow is cleanly blocked.

Observability

Spring Boot Actuator, usage events, structured logs without secrets. Prometheus/Grafana ready.

Special rules

Define deterministic per-bot Q&A overrides – e.g. "ask for CV → link to /cv.pdf" – that always take precedence over the knowledge base.

Editions

Pick your edition

Community is free for testing. Pro is a single licence. Enterprise is for regulated environments.

Community

€0 / month

Demo / test purpose. 1 tenant, 1 bot, very low limits.

  • 1 active bot
  • 10 messages / day
  • 100 messages / month
  • GPT-5.4 mini
  • No custom branding
Start with Community
Recommended

Pro

Single licence

1 tenant, 1 bot, higher limits, domain allowlist.

  • 500 messages / day
  • 10,000 messages / month
  • Domain allowlist
  • Source management
  • Lead capture
  • Chat history
Request Pro

Enterprise

Custom

Multiple bots, own provider, local LLMs, KIPITZ adapter on the roadmap.

  • Multiple bots / tenant
  • Own provider configuration
  • Ollama / vLLM / Azure / Anthropic
  • Dedicated instance
  • SLA / DPA / audit
Talk to us
Privacy & self-hosting

Tenant isolation, technically enforced.

No tenant ID in the browser. No provider secret in the browser. Tenant resolution exclusively from the JWT claim tenant_id. Cross-tenant tests are mandatory. The application connects to PostgreSQL with a NoBypassRLS role.

Built for privacy. Designed for control.

TrustChat is built for organisations that demand control over their data and infrastructure.

  • 100% self-hosted
  • Linux-first & Docker-ready
  • Air-gapped deployments
  • Compliance-friendly by design
Server-Stack mit Linux-Pinguin und Sicherheitsschild — Symbolbild für Self-Hosting und Privacy
Choose an edition Open the admin
Public widget

One line. Any website.

Vanilla-JS widget with a public bot id. Domain allowlist enforced server-side. Rate limit per visitor. The browser never sees internal IDs or secrets.

<script src="https://<host>/widget.js"
        data-bot-id="public_..."></script>

Live preview

Loads in the bottom-right corner of this page once a bot is active.

Configure a bot