Security & Data Policy

AI-native delivery only works if trust is explicit. This page explains what data is processed, what is retained, and what can be excluded from model context.

Principles

  • Minimal retention: We keep only what we must to deliver and to provide auditable artifacts.
  • Least privilege: Access scoped per deliverable; no broad, permanent access by default.
  • Context minimization: We prefer redaction, summaries, and constraints over full dumps of sensitive data.
  • Auditability: Key decisions are recorded (ADR) and deliverables ship with acceptance checks.

What we typically process

  • Public-facing product/company info you provide
  • Brand assets (logos, colors, typography) and design constraints
  • Existing site content (for rewrites, audits, SEO mapping)
  • Analytics insights you choose to share (aggregated preferred)

What you can exclude

We can operate under constraints. If something should not enter model context, we can work with redacted samples or synthetic placeholders.

  • Personal data
  • Credentials / secrets
  • Source code you can’t share
  • Contract details (unless required)

NDA & SLAs

  • NDA available for sensitive projects.
  • SLA options: response time targets, bug-fix windows, and escalation paths.
  • Optional EU hosting constraints (deployment-specific).

Questions?

Tell us your constraints upfront. We’ll adapt the pipeline to fit your posture.