Responsible AI
Privacy & Data Governance
AI systems concentrate sensitive data in prompts, logs, retrieved context, embeddings, training sets, fine-tuning files, and human feedback. Governance defines what data can be used, where it flows, who can see it, and how long it lives.
- Prompts and outputs are production data
- Training data provenance matters
- Minimization reduces blast radius
- Embeddings can be sensitive
- Retrieval must enforce permissions
- Retention is an architectural decision
| Question | Why it matters |
|---|---|
| What data enters prompts? | Controls exposure to model/API/logging path |
| What is stored? | Defines retention and breach surface |
| Who can retrieve it? | Prevents cross-user/tenant leakage |
| Can it be used for training? | Requires consent/legal basis |
| How is it deleted? | Supports lifecycle and compliance |
| How is it audited? | Supports incident response |