Security & Privacy
How to think about data handling, access boundaries, and operational safety when using Buda in real workflows.
Security & Privacy
Buda is designed for workflows that involve private files, internal process knowledge, and customer conversations. That makes security and privacy a first-class part of setup, not an afterthought.
Core principles
- Keep each Agent scoped to one business function
- Grant the minimum access needed
- Use Drive as the explicit source of truth
- Separate internal and external channels when possible
- Review uploaded files regularly
Data boundaries to think about
| Boundary | What to decide |
|---|---|
| Agent boundary | Which files and instructions belong to one Agent |
| Workspace boundary | Which team members can manage or use the Agent |
| Channel boundary | Which external users can reach the Agent |
| Session boundary | When context should continue versus reset |
Operational best practices
- Do not upload documents the Agent should never reference
- Create separate Agents for different departments or customers
- Test channel behavior with non-sensitive content first
- Define human escalation rules for sensitive or ambiguous cases
For regulated or enterprise use
If you handle contracts, HR files, financial records, or customer support data, decide up front:
- Which data can be uploaded
- Who can access each workspace
- Which channels are approved
- What audit trail your team needs