Responsible AI

Privacy & Data Governance

AI systems concentrate sensitive data in prompts, logs, retrieved context, embeddings, training sets, fine-tuning files, and human feedback. Governance defines what data can be used, where it flows, who can see it, and how long it lives.
  • Prompts and outputs are production data
  • Training data provenance matters
  • Minimization reduces blast radius
  • Embeddings can be sensitive
  • Retrieval must enforce permissions
  • Retention is an architectural decision
AI data surfaces
Every box needs access, retention, and sensitivity rules.
Governance checklist
QuestionWhy it matters
What data enters prompts?Controls exposure to model/API/logging path
What is stored?Defines retention and breach surface
Who can retrieve it?Prevents cross-user/tenant leakage
Can it be used for training?Requires consent/legal basis
How is it deleted?Supports lifecycle and compliance
How is it audited?Supports incident response
Sources
  • OpenAI API DocumentationSafety and production guidance
  • Artificial Intelligence: A Modern ApproachRisks and ethics
  • Made With MLData management