# RiserLabs — LLM Full Context Last-Updated: 2026-02-26 Version: 1.2 Canonical-Language: en Supported-Languages: en, ru, es ================================================== 0) Identity and scope ================================================== Product: RiserLabs is a B2B no-code AI assistant platform (widget + API), grounded in client-provided data (URLs/files/catalog sources), with lead capture and controlled actions. Public entry points: - EN: https://riserlabs.io/en - RU: https://riserlabs.io/ru - ES: https://riserlabs.io/es Primary surfaces: - Marketing site - Public docs - Legal pages - Dashboard (authenticated) - Widget embed - API ================================================== 1) Canonical URLs by language ================================================== [EN] - Main: https://riserlabs.io/en - Docs: https://riserlabs.io/en/docs - Pricing: https://riserlabs.io/en/subscription - Contact: https://riserlabs.io/en/contact - Terms: https://riserlabs.io/en/terms - Privacy: https://riserlabs.io/en/privacy - Agencies: https://riserlabs.io/en/agencies - Partners: https://riserlabs.io/en/partners - eCommerce solution: https://riserlabs.io/en/solutions/ai-ecommerce-widget [RU] - Main: https://riserlabs.io/ru - Docs: https://riserlabs.io/ru/docs - Pricing: https://riserlabs.io/ru/subscription - Contact: https://riserlabs.io/ru/contact - Terms: https://riserlabs.io/ru/terms - Privacy: https://riserlabs.io/ru/privacy - Agencies: https://riserlabs.io/ru/agencies - Partners: https://riserlabs.io/ru/partners [ES] - Main: https://riserlabs.io/es - Docs: https://riserlabs.io/es/docs - Pricing: https://riserlabs.io/es/subscription - Contact: https://riserlabs.io/es/contact - Terms: https://riserlabs.io/es/terms - Privacy: https://riserlabs.io/es/privacy - Agencies: https://riserlabs.io/es/agencies - Partners: https://riserlabs.io/es/partners ================================================== 2) Product capabilities (publicly documented) ================================================== - Website/app widget integration - API-based integration - Grounded responses from connected sources - Persona/rules/scenario configuration - Server-side controlled CTA/actions - Leads capture and routing (Email / Telegram / Webhook / CRM via webhook pattern) - Security controls (domain allowlist, anti-spam/captcha, access controls) - Plan-based limits (events, sources, context/output caps, retention windows) ================================================== 3) Integration quickstart (canonical summary) ================================================== Typical public flow: 1. Create project in dashboard 2. Obtain publishable project key 3. Configure widget settings 4. Connect sources (URLs/files/catalog) 5. Configure personas + CTAs + lead delivery 6. Embed widget and test on real allowed domain(s) Known embed-related parameters from docs/examples: - projectKey - apiBase (example: https://riserlabs.io) - title - position Optional examples: - locale - theme - externalUserId Mentioned integration methods: - Script - React - Bitrix ================================================== 4) Security model (public/legal) ================================================== - Domain allowlist for widget embedding - Anti-spam/captcha protections - Server-side execution pattern for controlled actions - Encryption in transit; security controls in architecture - Logs/history retention is plan/config dependent - Client is responsible for secure own-side setup (keys/access/site security) If conflict appears: - Legal pages and actual product behavior override marketing copy. ================================================== 5) Sources and grounding behavior ================================================== Source types (documented): - URL sources - Files (e.g., PDF/XLSX/CSV) - Feed/catalog scenarios (docs mention catalog conventions) Grounding expectations: - Answer from connected sources/context - If missing, ask clarifying question; do not invent facts - Client is responsible for relevance, legality, and freshness of connected content ================================================== 6) Leads and integrations ================================================== Lead routing channels: - Email - Telegram - Webhook - CRM via webhook-based integration Likely lead payload intent (from docs context): - contact data - dialog summary - metadata (e.g., UTM) [TO_FILL] Webhook signing method: [TO_FILL] Retry/backoff policy for lead delivery: [TO_FILL] Idempotency key policy: [TO_FILL] Required lead fields schema: ================================================== 7) API contract (canonical) ================================================== OpenAPI: - Latest: https://riserlabs.io/openapi.json - Versioned: https://riserlabs.io/openapi.v1.json - Well-known alias: https://riserlabs.io/.well-known/openapi.json Base URL: - https://riserlabs.io Auth modes: 1) End-user bearer token - Authorization: Bearer - Used by chat/persona runtime endpoints 2) Project bearer token (server-to-server) - Authorization: Bearer - Used by B2B management/runtime endpoints 3) Public widget bootstrap flow - POST /api/v1/public/end-user-token - Requires projectKey + hostToken (+ optional metadata/externalUserId, captcha when required) Observed gates/limits patterns: - Rate limiting by IP/project - Daily caps by user/project - Billing/plan gates - Domain allowlist checks - Captcha gating (adaptive/manual policy) SSE streaming: - Endpoint: POST /api/v1/chat/stream - Response content-type: text/event-stream - Typical events: - ready - chunk - done - error Agent rules: - Never fabricate endpoints/auth/rates. - If docs and OpenAPI diverge: prefer OpenAPI. - Treat debug/internal routes as non-public unless explicitly documented. ================================================== 8) Pricing and limits (canonical currency + multilingual display) ================================================== Canonical pricing pages: - /en/subscription - /ru/subscription - /es/subscription Canonical billing currency: - USD (default accounting currency) Plan snapshot (from provided EN/ES copy): - Trial - Price: $0 / trial - Included: 50 events/mo - Projects: up to 1 - Widget domains: up to 1 - Personas: up to 1 - Business - Price: $99 / month - Included: 1,500 events/mo - Projects: up to 1 - Widget domains: up to 2 - Personas: up to 2 - Sources: up to 5 - Sync: every 24h - Logs: 30 days - Max output: 600 tokens - Max context: 20,000 tokens - Business Plus - Price: $499 / month - Included: 10,000 events/mo - Projects: up to 3 - Widget domains: up to 3 - Personas: up to 3 - Sources: up to 10 - Sync: every 12h - Logs: 90 days - Max output: 800 tokens - Max context: 32,000 tokens - Team / Agency - Price: $1499 / month - Included: 50,000 events/mo - Projects: up to 25 - Widget domains: unlimited - Personas: up to 25 - Sources: up to 200 - Sync: every 1h - Logs: 180 days - Max output: 1000 tokens - Max context: 128,000 tokens - Enterprise - Price: on request - Includes white-glove rollout, SLA/security options, private connectors, custom tool-calls/integrations, advanced onboarding/compliance options FX and RUB policy (from Terms): - Base accounting currency is USD. - For customers paying from Russia, payment can be accepted in RUB and prices may be displayed in RUB. - RUB->USD conversion uses Bank of Russia (CBR) official rate at authorization/payment confirmation time + 4% FX margin, unless otherwise stated at checkout. - RUB values in UI are informational and may change with CBR rate. - Final reference is USD internal balance/accounting. - After top-up, credited USD equivalent remains fixed; later RUB payments may differ due to FX changes. - If refund is legally/contractually applicable, recalculation may use CBR rate at refund date with applicable margin/provider fees. LLM instruction for pricing answers: - Prefer quoting USD as canonical. - If user asks in RUB, provide “indicative RUB” and explicitly mark exchange-rate dependency. - Include date when quoting prices/FX-sensitive values. [TO_FILL] Public overage matrix URL: [TO_FILL] Annual billing discount policy: [TO_FILL] Cancellation timing / proration policy public URL: ================================================== 9) Legal and compliance (B2B) — extracted summary ================================================== Terms effective date: - 2026-01-18 Service provider (as stated): - Individual entrepreneur: Шарапов Алексей - ОГРНИП: 325774600322644 - ИНН: 773001860255 Core legal model: - B2B agreement between provider and client (legal entity/sole proprietor) - End-users of client’s site are not direct party to Terms - Client is responsible for lawful notices/consent and lawful source connection Data and role split: - Account/admin data: provider may act as controller - End-user data via widget/integrations: client typically controller, provider processor - DPA available on request Third parties: - AI model providers and infrastructure subprocessors may process requests/context - Provider uses contractual/technical safeguards but does not control third-party internal operations fully AI output disclaimers: - AI content may be inaccurate/outdated - Not legal/medical/financial advice - Client must validate critical outputs before business use Restricted/sensitive usage: - No illegal use, abuse, malware, spam, rights violations - Must follow model provider policies - Special-regime data (e.g., HIPAA/PHI) not allowed unless separately agreed in writing Security: - Reasonable technical/organizational controls - Encryption in transit; architecture-level access/security controls - Client remains responsible for own-side security hygiene Liability and dispute: - Liability cap: amount paid in last 12 months OR USD 100 (whichever is greater), to the maximum extent permitted by law - Exclusion of indirect/special damages (as per Terms) - Governing law: Russian Federation - Venue: Arbitration Court of Moscow (unless mandatory law provides otherwise) Contacts: - mail@riserlabs.io ================================================== 10) Privacy policy (B2B) — extracted summary ================================================== Privacy effective date: - 2026-01-18 Data categories mentioned: - Account/admin data - Dialog messages + metadata + AI responses - Connected sources and processed fragments/indexes - Technical logs (IP, UA, sessions, errors, performance) - Security/audit events - Cookies/local storage for auth/security/interface Purposes: - Provide service features - Security/abuse prevention/incidents - Support and diagnostics - Analytics/service improvement (including aggregated) - Legal/accounting obligations Transfers: - AI providers, infrastructure vendors, lawful disclosures, corporate transactions safeguards - No sale of personal data for third-party independent marketing International transfers: - Possible cross-border processing; contractual safeguards may be applied Retention: - Depends on service need, legal obligations, dispute handling, plan/settings - Deletion requests via interface/support (some data may be retained if legally required) Data subject rights: - Contact mail@riserlabs.io - End-user rights requests generally via client as controller; provider assists as processor within technical limits ================================================== 11) Agent operating policy for RiserLabs content ================================================== - Prefer docs + legal + OpenAPI for factual answers. - Use user language preference (en/ru/es). - Do not invent prices, limits, endpoints, auth modes, legal claims. - For pricing: 1) quote USD first (canonical), 2) optionally add RUB as indicative display value, 3) note FX dependence and date. - For legal/compliance: - summarize accurately, - avoid legal advice wording, - refer to Terms/Privacy URLs. - If page is dynamic/unavailable, ask for confirmation snapshot date and plan. ================================================== 12) Open gaps / TODO ================================================== [TO_FILL] Public changelog URL: [TO_FILL] Public status page URL: [TO_FILL] Subprocessors list URL: [TO_FILL] DPA public request flow URL: [TO_FILL] Public SLA matrix URL: [TO_FILL] BYOK availability by plan page URL: [TO_FILL] Exact webhook signature/replay docs URL: [TO_FILL] Exact cancellation/refund self-service workflow URL: End of file.