FM-10 // SECURITY & PRIVACY
Data Handling
Updated Jan 15, 2025 · Contributors: nikhil
Table of Contents
What Data We Process
When customers use Future AGI, we process several types of data:
| Data Type | Examples | Sensitivity |
|---|---|---|
| Trace data | Agent inputs, outputs, intermediate steps | High |
| Evaluation results | Scores, metrics, pass/fail judgments | Medium |
| Metadata | Timestamps, latency, token counts, model names | Low |
| Account data | Email, name, organization, billing info | Medium |
| Usage data | Feature usage, API call volumes | Low |
Data Ownership
Customer data belongs to the customer. Full stop. We are processors, not owners. We don’t:
- Train models on customer data
- Share customer data with third parties (except as needed for infrastructure - see sub-processors)
- Access customer data without explicit authorization
- Retain data after a customer deletes their account
Storage and Residency
- Primary region - US East (AWS us-east-1) by default
- EU region - EU West (AWS eu-west-1) available for customers with data residency requirements
- No data leaves the selected region - processing, storage, and backups all stay within the region
- Sub-processors are contractually bound to the same data handling standards
Retention
| Data Type | Default Retention | Customer Configurable |
|---|---|---|
| Trace data | 90 days | Yes (30/60/90/180/365 days) |
| Evaluation results | 1 year | Yes |
| Metadata | 1 year | No |
| Account data | Lifetime of account + 30 days | N/A |
| Audit logs | 1 year | No |
After the retention period, data is permanently deleted. Deletion is verified and logged.
Deletion
Customers can delete their data at any time:
- Individual traces - delete via API or dashboard
- All data - account deletion removes all data within 30 days
- Right to be forgotten - GDPR deletion requests processed within 30 days
Deleted data is purged from:
- Primary databases
- Backup systems (within 90 days of backup rotation)
- Search indexes
- Cache layers (immediate)
Sub-Processors
We use a limited set of sub-processors:
| Processor | Purpose | Data Access |
|---|---|---|
| AWS | Infrastructure, storage, compute | All data (encrypted) |
| Stripe | Billing and payments | Billing data only |
| Datadog | Infrastructure monitoring | System metrics only (no customer data) |
| SendGrid | Transactional email | Email addresses only |
We notify customers 30 days before adding a new sub-processor.
PII Handling
We provide tools for customers to scrub PII from trace data before it reaches our platform:
- Client-side redaction - SDK-level filters to mask sensitive fields before data leaves the customer’s infrastructure
- Server-side rules - configurable regex patterns to detect and redact PII on ingestion
- Audit reports - visibility into what data is being stored and flagged
For customers in regulated industries (healthcare, finance), we offer enhanced PII detection with field-level encryption.