Code Mountain

Data & Confidentiality

Your data stays yours. Always.

We are a leadership practice, not a data business. Client information accessed during an engagement is used solely to deliver agreed outcomes, nothing else. This page explains exactly how we handle data, what we never do with it, and the options available if your organization has strict data residency or sovereignty requirements.

Our commitments

What we stand behind, in writing

We never train models on your data

Client business data, operational data, customer records, financials, strategic plans, is never used to train, fine-tune, or improve any AI model without explicit written consent. Full stop.

Engagement data stays in scope

Any access to client systems, databases, or documents during an engagement is strictly scoped to the work defined in the Statement of Work. We don't retain copies after project close.

NDA as standard, not optional

Every client engagement begins with a mutual NDA. We treat all client information as confidential by default, the NDA is a formality that reinforces a practice we follow regardless.

Clear data deletion on project close

At project close, we confirm deletion of any client data held in our working environment. We don't accumulate client data over time, each engagement starts and ends with a clean scope.

AI and your data

How AI tools interact with client data during an engagement

This is the question most clients don't know to ask, and the one that matters most when you're deploying AI inside your operations.

Model selection is data-aware

We select AI models and infrastructure based on your data sensitivity requirements, not just capability. For sensitive workflows, we prioritize models with enterprise data agreements, on-premise options, or zero-data-retention configurations.

Agents are scoped to what they need

Every agent we design operates on the minimum data required for its function. We don't build agents with broad data access when narrow access will do. Scope is defined in the architecture documentation and reviewed with your team before deployment.

You own the agents and the data they touch

Agents we build run in your infrastructure, connect to your systems, and process your data. We don't intermediate the data flow. You have full visibility into what each agent does and why.

Self-hosted deployment

Need to host it yourself, but still want it to improve?

Some organizations can't route operational data through externally managed infrastructure, regulated industries, government contractors, companies with strict data residency requirements. We get it.

Our self-hosted deployment option lets you run the agent workforce entirely within your own infrastructure. Your data never leaves your environment. We provide architecture, configuration, and ongoing strategic guidance, without touching the data pipeline directly.

What's included

  • Architecture and deployment documentation for your infra team
  • Monthly strategic reviews, agent performance, improvement recommendations
  • Agent upgrades and expansion scoping delivered as specifications your team implements
  • Fractional AI leadership access for approval rules, vendor evaluation, and system design decisions

What's different from managed

  • Your team runs the infrastructure, we never have access to your data
  • Improvements are delivered as specs, not deployments
  • Requires internal technical capacity to implement changes
Get Your AI Snapshot for Self-Hosted →

In practice

What scoped data access looks like in real workflows

These representative examples show how boundaries are set in day-to-day operations. They are planning references, not promises.

Representative example

Collections exception routing

Workflow: Flags invoice disputes and aging exceptions, then drafts next-step recommendations for the owner.

Data in scope: Invoice status, dispute category, payment history, and assigned owner.

Data out of scope: Bank credentials, legal strategy files, and unrelated customer records.

Human approval gate: Write-offs, payment terms changes, and customer commitments stay with the finance owner.

Audit and deletion: Recommendations and owner decisions are logged. Engagement-scoped data is deleted at close.

Representative example

Schedule recovery coordination

Workflow: Detects no-show clusters and open dispatch capacity, then drafts recovery actions for ops review.

Data in scope: Schedule events, cancellation reasons, dispatch windows, and service region rules.

Data out of scope: Payroll records, HR files, and systems unrelated to schedule execution.

Human approval gate: Final dispatch commitments and override decisions stay with the operations owner.

Audit and deletion: Exception alerts, action drafts, and approvals are logged. Engagement-scoped data is deleted at close.

Representative example

Ticket routing + response-time risk

Workflow: Classifies incoming tickets, flags response-time risk, and routes work to the right queue owner.

Data in scope: Ticket metadata, account tier, response-time policy, and resolution history.

Data out of scope: Unrelated internal systems, broad repository access, and non-ticket operational data.

Human approval gate: Escalations, policy exceptions, and contractual commitments remain human-owned.

Audit and deletion: Routing rationale and escalation events are retained for review. Engagement-scoped data is deleted at close.

Representative examples for illustration. Final scope is set per workflow in Discovery.

Get Your AI Snapshot

Common questions

Data questions we hear from clients

Does our data get used to train AI models?

No. We never use client business data to train, fine-tune, or improve any AI model, ours or anyone else's. The AI models used in engagements process your data to perform their function; they don't learn from it. For engagements involving sensitive data, we select models with zero-retention data policies by default.

What happens to our data when the engagement ends?

At project close we confirm deletion of any client data in our working environment. Deliverables (documentation, playbooks, agent specifications) transfer to you. We retain no copies. For Managed Subscription clients, data handling is governed by the ongoing service agreement.

Do agents we build have access to all our systems?

No. Each agent is scoped to the minimum data access required for its function, nothing more. Access scope is documented in the architecture specification, reviewed with your team before deployment, and requires your explicit approval. We don't build agents with broad system access.

We're in a regulated industry. Can we still work with you?

Yes, the self-hosted deployment option exists specifically for regulated industries. We can sign BAAs where required (HIPAA), operate under custom data processing agreements, and architect agent workflows that never move regulated data outside your environment. Bring us your compliance requirements early in Discovery and we'll design around them.

Can we see what the agents are doing with our data?

Yes. Every agent we build includes logging and audit trails so you can see what inputs it processed, what decisions it made, and what actions it took. Observability is a design requirement, not an afterthought. You should always be able to answer "what did the agent do and why."

Start with clarity, not commitment.

Our AI Snapshot gives you a clear view of where to start and what should wait.

Get Your AI Snapshot