Confidentiality
Building AI workflows often means working with sensitive business data, internal processes, and proprietary systems. I take data security seriously at every stage of an engagement — from initial conversations through to project completion and beyond.
Non-Disclosure Agreements
NDAs are standard practice. I'm happy to sign a non-disclosure agreement before any engagement begins — whether it's your standard template or one we draft together. There's no need to ask; just send it over.
Regardless of whether a formal NDA is in place, all client data, business processes, system architectures, and internal details are treated as strictly confidential by default. I don't discuss client work with third parties, and I don't reference specific engagements publicly without explicit permission.
Data Handling
When building AI workflows, I follow strict principles around how sensitive data is accessed, stored, and managed.
Data Minimisation
I only request access to data that's directly necessary for the build. If a workflow can be developed and tested with anonymised or synthetic data, that's the preferred approach.
Credential Management
API keys, access tokens, and service credentials are stored securely using environment variables or secret management tools. They are never hardcoded, logged, or shared.
Environment Isolation
Development and testing environments are kept separate from production systems. Work-in-progress builds never run against live data unless explicitly agreed and carefully controlled.
Data Retention
Client data is not retained after project completion unless we've explicitly agreed otherwise. On project handover, any local copies of client data are securely deleted.
No Training Data
Client data is never used to train AI models. Your business data remains yours — it's used solely for building and testing the systems you've commissioned.
Infrastructure Security
Depending on your requirements, I can tailor the deployment approach to meet your organisation's security standards.
Self-Hosted Options
For sensitive workloads, I can build on self-hosted infrastructure — keeping data and processing entirely within your control.
Client-Owned Infrastructure
Deployments can be made directly to your own infrastructure — cloud accounts, on-premise servers, or private networks. I work with whatever setup you have.
Encrypted Connections
All integrations and data transfers use encrypted connections. API calls, webhooks, and data pipelines are secured with TLS/HTTPS as standard.
Access Controls & Audit Logging
Where applicable, I implement role-based access controls and audit logging so you have visibility into who accessed what and when.
Have specific security requirements?
I'm happy to discuss your organisation's confidentiality needs and tailor my approach accordingly.