Council Review IP Exposure Audit¶
Executive Summary¶
eco|monetize has run council reviews sending internal documents to external LLM APIs (Google Gemini, OpenAI GPT-4o). This audit assesses the IP exposure risk, classifies what has already been sent, and recommends a mitigation path.
Bottom line: OpenAI GPT-4o API is the lowest-risk current provider — API inputs are excluded from training by default. Google Gemini standard API permits training on inputs by default and should not receive HIGH-sensitivity content without an Enterprise agreement. DeepSeek cloud API has never been used for council reviews and should not be — China jurisdiction creates material regulatory exposure. Local Ollama models (DeepSeek R1, Llama 3.3, Qwen 2.5) carry zero IP exposure risk and are already on-fleet.
Deliverable 1 — Provider Data Handling Policies (Cloud API Only)¶
Note: Local Ollama inference (DeepSeek R1, Llama 3.3, Qwen 2.5) is explicitly out of scope — local inference creates zero IP exposure. This section covers cloud API calls only.
Google Gemini API¶
| Question | Finding |
|---|---|
| Training on API inputs by default? | Yes — standard tier. Google may use API inputs to improve its models unless an Enterprise agreement is in place. |
| Opt-out mechanism | Available only via Google Cloud Enterprise Agreement (DPA). No API-level flag. Requires commercial negotiation. |
| Data retention | Not explicitly published for standard API; Enterprise DPA includes defined retention and deletion terms. |
| Jurisdictional concerns | US-based processing. GDPR compliance via Google Cloud standard DPA. No China jurisdiction concern. |
| Consumer vs API difference | Consumer chat: training used broadly. API: training permitted by default; Enterprise adds contractual opt-out. |
| Risk rating | HIGH on standard tier. Mitigated at Enterprise. |
OpenAI GPT-4o API¶
| Question | Finding |
|---|---|
| Training on API inputs by default? | No. OpenAI's API terms (as of 2024) explicitly exclude API inputs from training by default. Opt-in model. |
| Opt-out mechanism | Default is already no training. Enterprise adds contractual guarantee and audit rights. |
| Data retention | Standard API: 30-day retention window. Enterprise: custom terms negotiable. |
| Jurisdictional concerns | US-based processing. GDPR DPA available. No China jurisdiction concern. |
| Consumer vs API difference | ChatGPT consumer: training on inputs by default. API: opposite — excluded from training by default. |
| Risk rating | LOW on standard tier. Lowest-risk external provider we currently use. |
DeepSeek Cloud API (api.deepseek.com)¶
| Question | Finding |
|---|---|
| Training on API inputs by default? | Presumed yes. No public opt-out mechanism documented. |
| Opt-out mechanism | None publicly documented. Enterprise terms require direct negotiation; not standardized. |
| Data retention | Not published. No DPA available. |
| Jurisdictional concerns | CRITICAL. China-based company and servers. Data transmitted to DeepSeek cloud falls under Chinese data law. No GDPR DPA. Potential CFIUS scrutiny for US-competitive data. |
| Consumer vs API difference | Both are China-based. No meaningful distinction for data residency purposes. |
| Risk rating | CRITICAL. Do not use for council reviews containing proprietary content. |
Current status: DeepSeek cloud API has NOT been used for eco|monetize council reviews. All DeepSeek usage is via Ollama local inference (zero IP exposure — see DeepSeek Local Validation Report). No action required on this provider beyond maintaining this policy.
Meta Llama (Hosted Cloud Endpoints)¶
| Endpoint | Training by default | Opt-out | Jurisdiction | Risk |
|---|---|---|---|---|
| AWS Bedrock | No | Built into AWS terms; no training by default | US (multi-region, GDPR-compliant) | LOW |
| Together AI — standard | Yes | Requires Enterprise upgrade | US | MEDIUM-HIGH |
| Groq | Unclear | Opaque policy; likely requires negotiation | US | MEDIUM-HIGH |
Current status: eco|monetize has not used any hosted Llama endpoint for council reviews. Local Llama 3.3 via Ollama is in use. If cloud Llama is added, AWS Bedrock is the preferred endpoint.
Deliverable 2 — Risk Classification of Documents Already Sent¶
Based on file inspection at /Claude/operations/reports/council-reviews/, the following content has been sent to external LLM APIs:
| Document | Date | Sent to | Sensitivity | IP Impact if Trained On |
|---|---|---|---|---|
| Brand guidelines consolidation | 2026-04-16 | External council (provider unconfirmed) | HIGH | Category language, positioning, competitive framing — differentiating IP |
| Agent contracts v1.1 amendments | 2026-04-16 | External council | MEDIUM | Role definitions, operating structure — not immediately competitively harmful |
| R&R Phase 1 Operations | 2026-04-16 | External council | MEDIUM | Internal org design — process documentation |
| R&R Phase 1 Revenue | 2026-04-16 | External council | HIGH | Sales process, customer success model, deal structure logic |
| R&R Phase 2 Marketing | 2026-04-16 | External council | HIGH | Category positioning approach, content strategy, go-to-market logic |
| R&R Phase 3 Development | 2026-04-16 | External council | MEDIUM | Technical delivery model — less competitively sensitive |
| CDO prompt engineering retrofit package | 2026-04-18 | Gemini + GPT-4o (confirmed) | MEDIUM | Internal agent architecture — operational but not core IP |
| R&R Matrix Phase 4 independence check | 2026-04-19 | External council | HIGH | Full governance architecture — highest concentration of internal operating model |
| SOW Assessment Template | 2026-04-19 | External council | HIGH | Pricing model ($2,500), guarantee terms, legal structure, scoping methodology |
Key finding: The SOW Assessment Template (pricing, guarantee, legal structure) and R&R Matrix (full governance architecture) are the highest-sensitivity items sent externally. If any provider used these for training, a competitor could eventually extract pricing and operating model signals. However: - GPT-4o API: API inputs are excluded from training by default — these documents are not being trained on. - Gemini standard tier: If the standard API was used for the Apr 16 reviews, training cannot be ruled out.
Action: Confirm which provider received the Apr 16 reviews. If Gemini standard tier was used, those documents should be flagged as potentially exposed.
Deliverable 3 — Mitigation Options Matrix¶
| Option | IP Protection | Review Quality | Operational Complexity | Cost | Recommendation |
|---|---|---|---|---|---|
| 1. Anonymization — strip company name, pricing, product names before sending | 3/5 | 2/5 | 3/5 | None | Partial mitigation only. Removes surface identifiers but not structural IP (framework logic, deal architecture). Degrades review quality because context is lost. |
| 2. Local-only council — Ollama only (DeepSeek R1 14b, Llama 3.3 70b, Qwen 2.5 32b) | 5/5 | 3/5 | 2/5 | Already on-fleet | Best for HIGH-sensitivity content. Zero IP exposure. Quality gap vs cloud models is real but acceptable for governance artifacts where structure matters more than polish. |
| 3. Hybrid approach — local-only for HIGH, external API for LOW/MEDIUM | 4/5 | 4/5 | 3/5 | Low | RECOMMENDED overall. Matches exposure risk to sensitivity tier. External APIs handle benchmark questions and generic best-practice review; local handles pricing, legal, positioning, governance. |
| 4. Enterprise API agreements — OpenAI Enterprise / Google Enterprise | 4/5 | 5/5 | 2/5 | High ($$$) | Best quality, contractual protection. Overkill for current volume. Revisit when council reviews are high-frequency and the cost per review exceeds the Enterprise overhead. |
| 5. Self-hosted cloud — AWS Bedrock / Azure OpenAI in eco | monetize tenant | 4/5 | 4/5 | 5/5 | Medium-High |
Recommended Classification Triggers¶
| Sensitivity | Content type | Council approach |
|---|---|---|
| HIGH | Pricing, guarantee terms, legal structure, competitive positioning, governance architecture, internal agent design | Local-only (Ollama) |
| MEDIUM | Role definitions, SOP structures, process documentation, general best-practice validation | External API acceptable (OpenAI GPT-4o standard) |
| LOW | Generic questions, industry benchmarking, format/structure review | External API (any provider) |
Immediate Actions¶
| Priority | Action | Owner |
|---|---|---|
| P1 | Confirm which provider received Apr 16 council reviews (brand, R&R, agent contracts). If Gemini standard, flag as potential exposure. | security.ops + chief.staff |
| P1 | Adopt hybrid sensitivity classification immediately — HIGH content to local-only councils going forward | chief.staff (SOP update via sop.manager) |
| P2 | sop.manager to amend SOP-EXEC-council-review-v1.0 with the HIGH/MEDIUM/LOW classification trigger table above | sop.manager (dispatch from Morgan) |
| P2 | Confirm no DeepSeek cloud API credentials are configured in any agent session | security.ops (next credential audit pass) |
| P3 | Evaluate Google Gemini Enterprise tier when council review volume justifies the cost | COO + CFO (future quarter) |
Filed by security.ops | 2026-04-21 | Dispatched by Morgan (COO) | Research basis: provider API terms, Ollama documentation, community security audits