Run-your-own workshop
Design the trust layer before you ship it.
A guided builder for teams whose product remembers people. Turn "we respect privacy" into a memory contract, a privacy boundary, and the safety and governance decisions your engineers can build, in one exportable brief.
About 90 minutes for the core path. Optional extended modules go deeper on minimization and governance when your rules call for them.
The wish
"Remember everything about the user."
The trust contract
Store only what helps, scoped to the account, with a time limit and a delete that reaches every store.
The wish
"Keep their data private."
The trust contract
Give each fact a rule for who may see it and why, enforced at retrieval, not in the prompt.
The wish
"Be safe in the hard moment."
The trust contract
Decide per moment whether to answer, bound the answer, or hand off to a person, and test it.
The wish
"Forget me when I ask."
The trust contract
Delete across the store, the index, the logs, and the backups, and promise only what that delivers.
What the labs ship now
- ✓ Memory is tiered and self-editing, with a personalization channel, an off switch, and a short retention window.
- ✓ Privacy is contextual integrity: appropriate flow by who, what, and for what purpose, not secrecy.
- ✓ Safety is three designed behaviors (comply, bound the answer, or escalate), not one block switch.
- ✓ Governance is a constraint you design to: the NIST framework, ISO 42001, the EU AI Act, and the GDPR.
Where it still breaks
- ! Telling a model to keep a secret does not work. Frontier models leaked private facts 39 to 57 percent of the time under a privacy prompt.
- ! A bigger context window does not solve memory. Accuracy drops about a third reading the full history instead of the relevant part.
- ! Leakage compounds with use, so a passing single demo certifies nothing, and a stored memory can be poisoned and trigger later.
- ! There is no clean way to unlearn data once it reaches weights or embeddings, so a delete button on one store is not erasure.
Where this fits
The personality harness workshop governs who your assistant is: its tone, voice, and moves. This one governs what it knows, keeps, and refuses. Tone stays in the harness. The boundary in the hard moment is designed here at a high level, and in depth in the Safety and boundaries workshop.
Safety and boundaries
The full refuse, safe-complete, and escalate map with triggers, destinations, and wording, the over-refusal budget, the crisis handoff, and the guardrail and runtime enforcement layer.
Conversation design and tool use
Containing prompt injection for an agent that can call tools and reach memory, the least-privilege tool design, and where a human has to approve an action.
Those workshops are on the way. This session captures the trust moments and the tool risks and carries them into the export so they are ready when you run them.
What you leave with
A trust spec your engineers can build from.
Every answer maps to a piece of an implementation spec. You export one Markdown file and hand it to Claude, ChatGPT, Cursor, or an internal assistant to write the engineering brief.
- ✓ An honest promise about what the product remembers, protects, and refuses
- ✓ A counted inventory of what it collects today
- ✓ A memory contract: store versus derive, representation, scope, tier, and forgetting
- ✓ A contextual-integrity contract on every stored fact, enforced past the prompt
- ✓ A control surface a person can open, correct, scope, and clear
- ✓ A right-to-erasure mechanism that reaches every store
- ✓ A trust-moment map with a high-level boundary stance
- ✓ Instrumented checks with acceptance as a rate, a sample size, and a margin
- ✓ A governance mapping from binding rules to owned requirements
- ✓ An engineering handoff table and an open decisions log
Export preview
trust-memory-governance-brief.md
├── LLM instructions
├── Context profile
├── Documentation targets
├── Trust promise and constraints
├── Data inventory
├── Memory contract
├── Contextual-integrity register
├── Control surface
├── Right-to-erasure mechanism
├── Trust-moment map
├── Governance mapping
├── Instrumented checks
├── Engineering handoff
├── Open decisions
└── Backlog seed
Start here
Enter your email to unlock the workspace
Your answers stay in this browser unless you export them. The email unlocks the builder and the blank guide, and lets us send you occasional new tools.