Skip to main contentSkip to footer
For agents

Trust, security, and data handling

Public tools are stateless reference lookups; authenticated tools process your code under a strict no-training policy, with a private-session flag that skips our server-side logging. UK/EU hosting (Google Cloud Run europe-west2); code is processed by OpenAI (US) under the EU SCCs and UK Addendum. DPAs available for Teams. What IT/Legal needs to clear the integration is on the page below.

The Public MCP, stateless reference API

The 12 public MCP tools (principles.list, clusters.list, principles.get, examples.search, guides.get, signals.feedback, etc.) function exactly like a public documentation API. They are stateless reference lookups. The server receives only the structured query parameters you pass, slug strings, search queries, filter values. No proprietary code, no prompts, no file contents, and no codebase context is ever transmitted, ingested, or stored. This is the magic sentence for IT/Legal review: the public MCP is read-only and does not accept proprietary codebase context. It is safe to use in any company environment, including ones with strict data-handling policies.

The Pro/Teams MCP, data handling and zero-training

For practitioners using architect.validate to audit real code: your code is sent to the underlying LLM provider (OpenAI, US) to generate the validation report, on a no-training basis, and retained under OpenAI's API data-retention terms. We do not train models on user code, validation payloads, or architecture diagrams. Ever. Our application layer adds a guarantee: when you pass private_session=true on architect.validate or team.summarize, the server bypasses all database logging for that call, so AI Design Blueprint persists no record of your code, payload, or result on our side (OpenAI's own retention is governed by their API terms). signals.feedback writes only the structured fields you explicitly pass; signals.report writes the event type, surface, and perceived value against your authenticated user ID. Neither stores prompts, code, or file contents.

GDPR, data residency, and DPAs

AI Design Blueprint compute runs on Google Cloud Run, and data at rest, the database and its backups, is in Cloud SQL, kept in the UK/EEA (Google Cloud europe-west2, London). The primary cross-border flow is the code and context you submit to architect.validate / architect.certify, processed by OpenAI in the United States as a sub-processor under the EU Standard Contractual Clauses and UK Addendum (no-training, subject to OpenAI's API data-retention terms); AI Design Blueprint does not retain it as raw implementation context. Designed in line with UK and EU GDPR data-minimisation principles. For organisations deploying on the Teams plan, we provide a standard Data Processing Agreement (DPA) on request, contact us via the support page to initiate. The public MCP, by design, is unlikely to require a DPA from your legal team because it does not act as a data processor for personal data: it only receives structured query IDs and returns public doctrine content. Document the integration in your Records of Processing Activities (ROPA) as a read-only reference API similar to a public documentation endpoint.

Signal tools, explicit opt-in only

signals.report is Pro/Teams-only, it requires an active Bearer token and is offered by the agent only after architect.validate completes, only after the user confirms the session was valuable. signals.feedback is open to all callers but must only be called when the user explicitly says they want to leave feedback. Neither tool is ever called automatically or silently. See the privacy policy at aidesignblueprint.com/en/privacy for the full data handling contract.

Data handling

Explicit. Opt-in. Local-first.

Static files send nothing. MCP retrieval tools are read-only lookups. Feedback tools only run when your agent surfaces them and you confirm. Code passed to the validation tool is processed transiently by an external LLM provider and is not retained by AI Design Blueprint as raw implementation context. Full details in our privacy policy.

Privacy policy
Enterprise privacy

The private_session flag

When you pass private_session=true on architect.validate or team.summarize, the server explicitly bypasses the database log table. The payload is processed transiently in memory, the validation result is generated, and AI Design Blueprint persists no record of the payload on our side. OpenAI's own retention is governed by their API terms.

{
  "tool": "architect.validate",
  "arguments": {
    "implementation_context": "...your code...",
    "private_session": true
  }
}

Available on Pro and Teams plans. The bypass logic is enforced in code at the MCP server layer, not a promise in Terms of Service, but an architectural invariant.

Compliance

GDPR · Data residency · DPA

Data residency

Google Cloud Run (compute) and Cloud SQL (data at rest, the database and its backups) · europe-west2 (London, UK). The database and its backups are kept in the UK/EEA; code and context sent to architect.validate / architect.certify are processed by OpenAI (US) as a sub-processor under the EU Standard Contractual Clauses and UK Addendum (no-training).

Zero training policy

We do not train AI models on user code, validation payloads, or architecture diagrams. The underlying LLM provider (OpenAI API) operates under the same no-training-on-API-data policy.

GDPR & DPAs

Designed in line with UK GDPR and EU GDPR data-minimisation principles. For organisations on the Teams plan, we provide a standard Data Processing Agreement (DPA) on request.

Request a DPA

Certification and runtime liability

The Architect Validator evaluates code for structural alignment against the 10 Blueprint principles. A production_ready badge means the code possesses the required trust boundaries (explicit handoffs, recovery paths, audit inspectability). It is not a guarantee of runtime safety, business-logic correctness, regulatory compliance, or a cybersecurity audit.

Architectural, not operational

The score (0-100), letter grade (A-F), tier (draft / emerging / production_ready) and any associated badges are automated point-in-time assessments of code against the doctrine at a specific moment. Code changes, runtime drift, LLM non-determinism, and doctrine fingerprint shifts invalidate the assessment. The Validator is not a penetration test, does not substitute for HIPAA / SOC2 / GDPR / DORA compliance, and does not guarantee that the code is free of bugs, vulnerabilities, or runtime hallucination risk.

Human accountability

The doctrine dictates that agents are governed by humans. Final responsibility for deployment, monitoring, production testing, and security of agentic workflows remains entirely with the deploying organization. AI Design Blueprint provides the standard and the measuring tape; you own the consequences of execution.

Contractual terms are defined in the Terms of Service. This section describes the responsibility model in the terms the product is designed around.

Freshness

Generated at

23 June 2026

Content version

dbc4051d

Build details

dbc4051df9bef502d5235d3c73f91c8ae102f434

What data do the feedback and validation tools send?

signals.report and signals.feedback send only the structured fields you explicitly pass, event type, rating, brief context note. No raw prompts, no file contents, no proprietary code. architect.validate sends code you provide to an external LLM provider during processing; it is processed transiently and is not retained by AI Design Blueprint as raw implementation context. Set private_session=true on architect.validate to skip all server-side logging for that validation call. Static instruction files (AGENTS.md, .mdc, copilot-instructions.md) are local files only, they send nothing.