Skip to main contentSkip to footer
For agents

Trust, security, and data handling

Public tools are stateless reference lookups; authenticated tools process payloads transiently with a private session flag and a strict zero-training policy. UK/EU data residency on Google Cloud Run (europe-west2). DPAs available for Teams. What IT/Legal needs to clear the integration is on the page below.

Public vs protected

The Public MCP, stateless reference API

The 12 public MCP tools (principles.list, clusters.list, principles.get, examples.search, guides.get, signals.feedback, etc.) function exactly like a public documentation API. They are stateless reference lookups. The server receives only the structured query parameters you pass, slug strings, search queries, filter values. No proprietary code, no prompts, no file contents, and no codebase context is ever transmitted, ingested, or stored. This is the magic sentence for IT/Legal review: the public MCP is read-only and does not accept proprietary codebase context. It is safe to use in any company environment, including ones with strict data-handling policies.

The Pro/Teams MCP, transient processing and zero training

For practitioners using architect.validate to audit real code: payloads are processed transiently in memory to generate the validation report and immediately dropped. We do not train models on user code, validation payloads, or architecture diagrams. Ever. The underlying LLM provider (OpenAI API) operates under a no-training-on-API-data policy. Our application layer enforces an additional guarantee: when you pass private_session=true on architect.validate or team.summarize, the server bypasses all database logging for that call. No record of your code, payload, or result is persisted on our servers. signals.feedback writes only the structured fields you explicitly pass; signals.report writes the event type, surface, and perceived value against your authenticated user ID. Neither stores prompts, code, or file contents.

GDPR, data residency, and DPAs

AI Design Blueprint hosting and data-at-rest are on Google Cloud Run in europe-west2 (London, UK). The primary cross-border flow is the code and context you submit to architect.validate / architect.certify, processed by OpenAI in the United States as a sub-processor under the EU Standard Contractual Clauses and UK Addendum (no-training, subject to OpenAI's API data-retention terms); AI Design Blueprint does not retain it as raw implementation context. Designed in line with UK and EU GDPR data-minimisation principles. For organisations deploying on the Teams plan, we provide a standard Data Processing Agreement (DPA) on request, contact us via the support page to initiate. The public MCP, by design, is unlikely to require a DPA from your legal team because it does not act as a data processor for personal data: it only receives structured query IDs and returns public doctrine content. Document the integration in your Records of Processing Activities (ROPA) as a read-only reference API similar to a public documentation endpoint.

Signal tools, explicit opt-in only

signals.report is Pro/Teams-only, it requires an active Bearer token and is offered by the agent only after architect.validate completes, only after the user confirms the session was valuable. signals.feedback is open to all callers but must only be called when the user explicitly says they want to leave feedback. Neither tool is ever called automatically or silently. See the privacy policy at aidesignblueprint.com/en/privacy for the full data handling contract.

Data handling

Explicit. Opt-in. Local-first.

Static files send nothing. MCP retrieval tools are read-only lookups. Feedback tools only run when your agent surfaces them and you confirm. Code passed to the validation tool is processed transiently by an external LLM provider and is not retained by AI Design Blueprint as raw implementation context. Full details in our privacy policy.

Privacy policy
Enterprise privacy

The private_session flag

When you pass private_session=true on architect.validate or team.summarize, the server explicitly bypasses the database log table. The payload is processed transiently in memory, the validation result is generated, and the payload is dropped. No record is persisted on our servers.

{
  "tool": "architect.validate",
  "arguments": {
    "implementation_context": "...your code...",
    "private_session": true
  }
}

Available on Pro and Teams plans. The bypass logic is enforced in code at the MCP server layer, not a promise in Terms of Service, but an architectural invariant.

Compliance

GDPR · Data residency · DPA

Data residency

Google Cloud Run · europe-west2 (London, UK). Hosting and stored data stay in the UK/EEA; code and context sent to architect.validate / architect.certify are processed by OpenAI (US) as a sub-processor under the EU Standard Contractual Clauses and UK Addendum (no-training).

Zero training policy

We do not train AI models on user code, validation payloads, or architecture diagrams. The underlying LLM provider (OpenAI API) operates under the same no-training-on-API-data policy.

GDPR & DPAs

Compliant with UK GDPR and EU GDPR. For organisations on the Teams plan, we provide a standard Data Processing Agreement (DPA) on request.

Request a DPA

Certification and runtime liability

The Architect Validator evaluates code for structural alignment against the 10 Blueprint principles. A production_ready badge means the code possesses the required trust boundaries (explicit handoffs, recovery paths, audit inspectability). It is not a guarantee of runtime safety, business-logic correctness, regulatory compliance, or a cybersecurity audit.

Architectural, not operational

The score (0-100), letter grade (A-F), tier (draft / emerging / production_ready) and any associated badges are automated point-in-time assessments of code against the doctrine at a specific moment. Code changes, runtime drift, LLM non-determinism, and doctrine fingerprint shifts invalidate the assessment. The Validator is not a penetration test, does not substitute for HIPAA / SOC2 / GDPR / DORA compliance, and does not guarantee that the code is free of bugs, vulnerabilities, or runtime hallucination risk.

Human accountability

The doctrine dictates that agents are governed by humans. Final responsibility for deployment, monitoring, production testing, and security of agentic workflows remains entirely with the deploying organization. AI Design Blueprint provides the standard and the measuring tape; you own the consequences of execution.

Contractual terms are defined in the Terms of Service. This section describes the responsibility model in the terms the product is designed around.

Freshness

Generated at

30 May 2026

Content version

de805638

Build details

de8056386c8a732a3e438679eadd0959ff0e1bf1

What data do the feedback and validation tools send?

signals.report and signals.feedback send only the structured fields you explicitly pass, event type, rating, brief context note. No raw prompts, no file contents, no proprietary code. architect.validate sends code you provide to an external LLM provider during processing; it is processed transiently and is not retained by AI Design Blueprint as raw implementation context. Set private_session=true on architect.validate to skip all server-side logging for that validation call. Static instruction files (AGENTS.md, .mdc, copilot-instructions.md) are local files only, they send nothing.

Also in this section

MCP setupPublic vs protectedStart here