Client data trust
Security & Data Handling
How Raypi scopes NDA coverage, access control, sensitive data, PII, model-training policy, cloud environments, and auditability before AI/data work begins.
NDA and confidentiality
Raypi can work under NDA before reviewing sensitive workflows, architecture diagrams, operational metrics, datasets, credentials, or internal process details.
Access control
Access is requested with least privilege, limited to the agreed workflow, and revoked when no longer needed. Shared credentials should use client-controlled accounts, role-based permissions, and auditable logs where available.
Sensitive data and PII
Sensitive data, personal data, regulated data, and production credentials are scoped explicitly before work begins. When anonymized, sampled, or synthetic data is enough for evaluation, that path is preferred.
Cloud and tooling environments
Pilot environments, model APIs, storage, notebooks, logs, and deployment paths are documented before use. Client-controlled cloud accounts can be used when governance requires it.
Model training policy
Client data is not used to train public models. Any third-party model or API usage must be disclosed in the pilot scope, including data-retention implications from the provider.
Auditability
Raypi documents data sources, assumptions, access paths, evaluation datasets, risk decisions, cost estimates, and go/no-go criteria so the client can review how the recommendation was reached.