Trust, security, and data handling
Public tools are stateless reference lookups; authenticated tools process your code under a strict no-training policy, with a private-session flag that skips our server-side logging. UK/EU hosting (Google Cloud Run europe-west2); code is processed by OpenAI (US) under the EU SCCs and UK Addendum. DPAs available for Teams. What IT/Legal needs to clear the integration is on the page below.
The Public MCP, stateless reference API
The 12 public MCP tools (principles.list, clusters.list, principles.get, examples.search, guides.get, signals.feedback, etc.) function exactly like a public documentation API. They are stateless reference lookups. The server receives only the structured query parameters you pass, slug strings, search queries, filter values. No proprietary code, no prompts, no file contents, and no codebase context is ever transmitted, ingested, or stored. This is the magic sentence for IT/Legal review: the public MCP is read-only and does not accept proprietary codebase context. It is safe to use in any company environment, including ones with strict data-handling policies.
The Pro/Teams MCP, data handling and zero-training
For practitioners using architect.validate to audit real code: your code is sent to the underlying LLM provider (OpenAI, US) to generate the validation report, on a no-training basis, and retained under OpenAI's API data-retention terms. We do not train models on user code, validation payloads, or architecture diagrams. Ever. Our application layer adds a guarantee: when you pass private_session=true on architect.validate or team.summarize, the server bypasses all database logging for that call, so AI Design Blueprint persists no record of your code, payload, or result on our side (OpenAI's own retention is governed by their API terms). signals.feedback writes only the structured fields you explicitly pass; signals.report writes the event type, surface, and perceived value against your authenticated user ID. Neither stores prompts, code, or file contents.
GDPR, data residency, and DPAs
AI Design Blueprint compute runs on Google Cloud Run, and data at rest, the database and its backups, is in Cloud SQL, kept in the UK/EEA (Google Cloud europe-west2, London). The primary cross-border flow is the code and context you submit to architect.validate / architect.certify, processed by OpenAI in the United States as a sub-processor under the EU Standard Contractual Clauses and UK Addendum (no-training, subject to OpenAI's API data-retention terms); AI Design Blueprint does not retain it as raw implementation context. Designed in line with UK and EU GDPR data-minimisation principles. For organisations deploying on the Teams plan, we provide a standard Data Processing Agreement (DPA) on request, contact us via the support page to initiate. The public MCP, by design, is unlikely to require a DPA from your legal team because it does not act as a data processor for personal data: it only receives structured query IDs and returns public doctrine content. Document the integration in your Records of Processing Activities (ROPA) as a read-only reference API similar to a public documentation endpoint.
Signal tools, explicit opt-in only
signals.report is Pro/Teams-only, it requires an active Bearer token and is offered by the agent only after architect.validate completes, only after the user confirms the session was valuable. signals.feedback is open to all callers but must only be called when the user explicitly says they want to leave feedback. Neither tool is ever called automatically or silently. See the privacy policy at aidesignblueprint.com/en/privacy for the full data handling contract.
Also in this section