Third-Party LLM Governance & Security Framework

Overview

Foldspace utilizes a multi-LLM orchestration strategy to deliver agentic product experiences. This document outlines the security controls, data handling protocols, and privacy safeguards enforced when interacting with third-party Large Language Model (LLM) providers.

1. Approved LLM Providers

Foldspace strictly uses enterprise-grade API endpoints from the following providers:

  • OpenAI
  • Google Gemini

2. Data Sovereignty & Zero-Training Mandate

The core of our security posture is the Zero-Persistence / Zero-Training architecture.

  • No Model Training: Under our enterprise agreements, customer data (prompts, context, and outputs) is never used by Foldspace or our third-party providers to train, retrain, or fine-tune base models.
  • Data Isolation: Customer data is processed in isolated sessions. There is no cross-pollination of "learned" logic between different customer environments.

3. PII Handling & Data Privacy Guardrails

Exclusively available in the Foldspace Enterprise Package, our automated Privacy Guardrail Layer allows organizations to sanitize data

Customer-Controlled Masking Configuration

Admins have granular control to enable and configure masking for specific sensitive fields via the Foldspace management console. This ensures that the AI agent receives only the anonymized context required to perform its task, enforcing the Principle of Least Privilege.

Supported masking categories include:

  • Email Addresses: Obscured to prevent identification while maintaining session utility.
  • Personal Names: Individual names are masked in conversations and reports to maintain confidentiality.
  • Payment Information: Secures sensitive financial details, including credit card and bank account numbers.
  • Geographic Locations: Generalizes or hides specific user location data.
  • IP Addresses: Conceals IP addresses captured through tracking, recordings, or logs.
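As an added illustration of the masking layer described above (example code written for this page, not Foldspace's own implementation): a pattern-based sanitizer for the three categories that can be detected by pattern alone, emitting stable placeholder tokens so the same value always maps to the same token (preserving session utility) and returning the token-to-value mapping so outputs can be re-hydrated on the platform side, never by the LLM. Names and geographic locations need an NER model and are left out (assumption); the placeholder format and function names are invented for this example.

```python
import re
from typing import Dict, Iterable, Tuple

# Pattern-only detectors. Personal names and locations are not handled here
# (assumption: those need an NER model, not a regex).
PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "card": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),  # 13-19 digits, optional separators
}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects long digit runs (order ids, etc.) that are not card numbers."""
    total, parity = 0, len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:  # every second digit from the right gets doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask_for_llm(text: str, categories: Iterable[str]) -> Tuple[str, Dict[str, str]]:
    """Mask the enabled categories before the text leaves for the LLM.
    Returns (masked_text, placeholder -> original); the mapping stays on the platform."""
    vault: Dict[str, str] = {}    # placeholder -> original value
    reverse: Dict[str, str] = {}  # original value -> placeholder (stable per session)

    def sub(kind: str):
        def repl(m: "re.Match[str]") -> str:
            raw = m.group(0)
            if kind == "card" and not luhn_ok(re.sub(r"[ -]", "", raw)):
                return raw  # not a card number, leave it alone
            if raw not in reverse:
                tok = f"<{kind.upper()}_{len(vault) + 1}>"
                vault[tok] = raw
                reverse[raw] = tok
            return reverse[raw]
        return repl

    for kind in categories:  # order matters: run email first so its digits are gone
        text = PATTERNS[kind].sub(sub(kind), text)
    return text, vault

if __name__ == "__main__":  # constructed sample input
    print(mask_for_llm("ann@example.com from 203.0.113.7, card 4111 1111 1111 1111",
                       ["email", "ip", "card"]))
```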

4. Encryption & Transit Security

  • In-Transit: All data exchanged between the Foldspace platform and LLM providers is encrypted using TLS 1.2 or higher.
  • At-Rest: Any temporary metadata or session context stored within Foldspace is encrypted using AES-256 with strict KMS (Key Management Service) rotation policies.

5. Action Governance & Authorization

Unlike "Chat-only" AI, Foldspace triggers backend workflows. We ensure this remains secure through:

  • Scoped Permissions: The AI agent operates under the "Principle of Least Privilege." It can only access the APIs and actions explicitly defined in your Action Schema.
  • Human-in-the-Loop (HITL): High-stakes actions (e.g., data deletion, financial transactions) require an explicit 'User Confirmation' step, preventing autonomous unauthorized actions.
  • Identity Mapping: Agent actions are tied to the authenticated user's existing session and permissions.

6. Data Collection & Customer Control

Foldspace is designed to give customers full control over the data they share.

  • Tracking Code & Mandatory Fields: Data collection is performed via the Foldspace tracking code. The only mandatory field required for operation is a unique User UUID.
  • Custom Attributes: Customers have full control over all other data points. You may choose to send custom attributes—such as user roles or subscription tiers—to provide deeper personalization or contextual responses.
  • Optional User Data Exclusion: Customers may choose to exclude end-user or subscription-level data entirely, ensuring no metadata is sent to Foldspace.


For a copy of our SOC 2 report or detailed Data Processing Addendum (DPA), please contact [email protected].