Privacy

Privacy at Kenshiki starts with data minimization, SIRE-scoped authority boundaries, and evidence-backed system behavior enforced at the evidence boundary rather than broad collection by default.

Core posture

Kenshiki is designed to verify consequential AI claims against authoritative sources, not to maximize collection of user data. We minimize what enters the system and keep access scoped to the workflows and actors that require it.

How data is handled

Data handling depends on deployment model, but the same control objective applies across environments: only the minimum data needed to verify a claim should be processed, and that processing should remain attributable and auditable.

Least-privilege access to governed sources
Explicit separation between application, model, and source authority
Traceable evidence lineage for consequential outputs
Deterministic audit records for review and investigation

Commercial and legal details

Production privacy terms, data processing commitments, and customer-specific handling obligations should be defined in the governing commercial agreement, DPA, or related contract documentation.