Security & Privacy
How to think about data handling, access boundaries, and operational safety when using Buda in real workflows.
Buda is designed for workflows that involve private files, internal process knowledge, and customer conversations. That makes security and privacy a first-class part of setup, not an afterthought.
Core principles
- Keep each Agent scoped to one business function
- Grant the minimum access needed
- Use Drive as the explicit source of truth
- Separate internal and external channels when possible
- Review uploaded files regularly
Data boundaries to think about
| Boundary | What to decide |
|---|---|
| Agent boundary | Which files and instructions belong to one Agent |
| Workspace boundary | Which team members can manage or use the Agent |
| Channel boundary | Which external users can reach the Agent |
| Session boundary | When context should continue versus reset |
Operational best practices
- Do not upload documents the Agent should never reference
- Create separate Agents for different departments or customers
- Test channel behavior with non-sensitive content first
- Define human escalation rules for sensitive or ambiguous cases
For regulated or enterprise use
If you handle contracts, HR files, financial records, or customer support data, decide up front:
- Which data can be uploaded
- Who can access each workspace
- Which channels are approved
- What audit trail your team needs