Security

AI & data handling

Generating a response means sending message content to an AI model provider. This page covers how that data is governed: the terms it runs under, whether it can be used to train models, how long it is kept, and where it travels. For the platform access model — how an agent connects to your accounts — see Security & data protection.

Commercial-grade terms, not consumer

Boatwork Assist runs on Anthropic’s commercial API under their Commercial Terms — not consumer chat products. Your data is governed by enterprise terms, not personal-account defaults.

Your data is not used to train AI models

Anthropic does not train on data sent through the commercial API without express permission, and we do not grant it. Customer content is not used to improve anyone’s model.

Minimal retention

Only what is technically required to generate a response is held, on a short standard retention window, and then purged. Boatwork Assist does not maintain a long-term store of conversation content with the provider.

Server-side by design

API keys never touch the browser. Confidential content is routed through our backend and is never exposed in client-side code.

Sensitive content stays on the core path

Customer data is kept on the direct request/response channel rather than in ancillary storage features, so sensitive content travels the path we control end to end.

Zero Data Retention (in progress)

We are pursuing a Zero Data Retention (ZDR) arrangement with Anthropic so that customer data is not stored at rest at all once a response is returned — nothing persists after the answer comes back.

Endpoint-level data mapping (in progress)

We are auditing every data flow in Boatwork Assist against ZDR-eligible endpoints, so confidential customer data rides the channels that retain nothing, while connectors, file handling, and tool execution stay under our own control.

Formal documentation (in progress)

We are codifying this posture in our Terms Addendum and Privacy Policy Supplement so it is contractual, not just operational.

An honest caveat

Even under strict zero-retention, providers may briefly retain data where required by law or to investigate platform abuse. That is an industry-wide floor, not a Boatwork choice.

Running a formal security or privacy review? We are happy to walk your team through this, complete a questionnaire, or answer specific questions — hello@boatwork.co.