Online Order

Security in the Guest AI Assistant

3 min read#7

The guest AI assistant powers the entire chat experience in Online Order. This article explains how security is built and what protections are in place.

How the guest AI works

When a guest opens their ordering link, AI responses are fetched from Vendion's servers. The service:

Receives the guest's message
Builds context from menu, allergens, and any customer profile
Generates an AI response
Returns the response + any menu options

Architecture

The guest is not logged in – they should be able to order without an account. This means security is handled via rate limits and secure signed links on the server side, without requiring login from the guest.

Active security measures

Rate limiting

Chat: 30 requests per minute per user
Ordering: 60 requests per minute per user
Order creation: 10 new orders per 10 min per user
SMS code: 1 per 5 min per phone, 10 per day per phone, 3 per 10 min per user

Spam protection

In addition to rate limits, we use a fingerprint to detect distributed spam where someone rotates networks but has the same browser.

Secure signed link for order flow

When an order is created it gets a secure signed link required for all subsequent calls (add product, remove, mark as paid). This prevents someone from guessing other order IDs and manipulating orders.

Restaurant validation

The service always checks that the restaurant is valid before chat can be used.

Security improvements planned

Security improvements are planned – our support team can provide status. We continuously work on raising protection. Contact support@vendion.com if you want to know more about specific scenarios.

What you as a restaurateur should know

The cost is low in practice – rate limits prevent normal abuse
Report suspicious activity to support@vendion.com if you see unusual numbers of chat messages without resulting orders
Data doesn't leak – the menu is already public via your ordering link, so the risk is low

What the guest is protected against

Manipulation of others' orders – closed via secure signed link per order
SMS code brute force – closed via phone- and rate-based limiting
Overload of order creation – closed via the 10-order-per-10-min limit
Customer profile scraping – closed via SMS verification required to read phone-linked data

Further questions

Security is ongoing work. If you as a customer have questions about specific scenarios or want a security review, contact support@vendion.com.

This feature is part of Vendion Online Order.

Curious how it looks in practice? Read more about the product or book a short demo.

Read about Vendion Online Order Book a demo

Was this article helpful?

Fiscal Compliance for Online Orders

Online orders currently don't use the control unit; for fiscal safety use the POS. This is being updated.

OTP and Phone Verification for Guests

How SMS-based OTP verification works in Online Order – flow, rate limits, cost, and how to support guests with issues.

Secure Link for Order Flow

How online orders are secured with a secure signed link – how it works, what it protects against, and what happens when it expires.