Home/ Part XIV — Team Workflows and "Shipping With Adults in the Room"/44. Governance and Compliance (If You're Building a Real Company Product)/44.1 Data classification and what can enter prompts

44.1 Data classification and what can enter prompts

Overview and links for this section of the guide.

On this page

Data Levels
The Policy
Where to go next

Data Levels

Public: Docs, marketing site. (Safe for all models).
Internal: Code, Slack messages. (Safe for Enterprise models with Zero-Retention agreements).
Confidential: PII, financial data. (Safe ONLY if redacted or if you have a BAA).
Toxic: Passwords, private keys. (NEVER send to a model).

The Policy

You need a "Data Egress Policy" that checks every API call. `if (contains_ssn(prompt)) block()`

Where to go next

44.2 Logging policies: what to store and redact