Skip to main content
Compliance rules are platform-enforced guardrails that protect the organisation. They are set at the organisation level and inherited by all workspaces. Workspaces can add stricter rules but cannot loosen the baseline.

Guardrail types

PII filtering

Redacts personally identifiable information from queries and responses before they reach the language model. 
{
  "pii_filter": true,
  "pii_fields": ["email", "phone", "ssn", "credit_card"]
}

Write confirmation

Requires explicit confirmation before executing tools that modify data. Tools are classified as write operations based on their is_write flag. 
{
  "write_confirmation": true,
  "write_tool_patterns": ["update_*", "delete_*", "create_*"]
}

Cost caps

Sets a monthly cost limit per workspace. Queries are rejected once the cap is reached. 
{
  "cost_cap_monthly_usd": 100.00
}

Rate limits

Limits query frequency to prevent abuse. 
{
  "rate_limit": {
    "per_user_per_minute": 10,
    "per_workspace_per_hour": 500
  }
}

Blocked topics

Prevents the AI from responding to specific topics. 
{
  "blocked_topics": ["competitor pricing", "internal salaries"]
}

Violation tracking

Compliance violations are recorded in conversation stats. Each violation includes:
  • Rule: which guardrail was triggered
  • Description: what happened
  • Conversation: which conversation triggered it
  • User: who triggered it
  • Timestamp: when it occurred
Violations are surfaced in the Compliance tab and the workspace dashboard.

Organisation baseline

Org admins set the compliance baseline. If a connection is flagged as a security risk, the admin blocks it once and it is disabled across every workspace immediately. Workspaces can:
  • Add stricter rate limits
  • Add additional blocked topics
  • Enable PII filtering if the org baseline has it disabled
Workspaces cannot:
  • Disable PII filtering if the org baseline requires it
  • Raise cost caps above the org limit
  • Remove blocked topics set at the org level