Blueprint companion
How to use the Privian Blueprint
What the Blueprint contains, who it is for, and how founders, security and procurement teams use it to accelerate enterprise AI reviews.
As of 2026-07-01. The Blueprint itself lives at /blueprint (web) and /Privian-Blueprint.pdf (PDF).
Definition
The Privian Blueprint is a single procurement and security review document that describes the data path, retention, BYOK and scope of Privian. This guide explains what the Blueprint contains, who it is for, and how founders, security and procurement teams use it to accelerate enterprise AI reviews.
Definition
What the Blueprint is
The Blueprint is the artifact reviewers accept. This guide is the map that tells you when to hand it over.
Contents
What the Blueprint contains
Framework
Blueprint sections
- 01
Executive summary
One-page orientation — what Privian is, what it is not, who it is for.
- 02
Clean data path
Masking, BYOK boundary and what actually reaches the model provider.
- 03
What reaches the model
Per-data-class table of what crosses the BYOK boundary and what does not.
- 04
Retention model
What is stored, what is not stored, and where each record lives.
- 05
BYOK
Credential ownership, provider billing, encryption at rest and in-process handling.
- 06
Subprocessors
Operational subprocessors and the BYOK provider you select.
- 07
Security review questions
Concise, extractable answers to the questions reviewers ask most.
- 08
Limitations
An explicit list of what Privian does not do — scope, not marketing.
Audience
Who the Blueprint is for
Founders & CTOs
- Attach once when procurement opens a security review.
- Reference from the sales thread when a buyer asks 'do you have a security packet?'.
- Pair with /enterprise-ready-ai for the commercial framing.
Security teams
- Verify the data path against the diagram at /data-path.
- Cross-check the retention model against /security/data-handling.
- Confirm the BYOK boundary against /docs/concepts/byok.
- Use §7 answers as questionnaire scaffolding.
Procurement teams
- Combine with /legal/dpa and /legal/subprocessors for contracting review.
- Use §8 limitations to size scope before internal approval.
- Point risk & vendor management teams at /compliance-roadmap for posture status.
Enterprise buyers
- Read the executive summary and the data path first.
- Move to the retention model and BYOK sections next.
- Follow the linked pages for deeper implementation detail.
Accelerate reviews
How to move faster through enterprise reviews
Framework
Review accelerators
- 01
Send one URL, not five attachments
Forward /enterprise-trust-package to index every asset in a single message.
- 02
Answer with §-level references
Reply to questionnaire items with 'Blueprint §4 (Retention)' — reviewers can verify in one click.
- 03
Pair with the Compliance Roadmap
Roadmap addresses attestation status; Blueprint addresses implemented controls. Together they answer 90% of gating questions.
- 04
Route legal to the DPA overview
Combine the DPA overview and the subprocessor list to shorten legal review.
- 05
Route engineering to Data Path & Architecture
Technical reviewers accept the Blueprint faster when they can see the per-hop implementation.
- 06
Keep this page as a Slack canvas link
Give internal champions inside the buyer a stable URL to reshare across teams.
Trust resources
Trust resources referenced from the Blueprint
- Trust Center
Posture, controls, retention boundaries.
- Compliance Roadmap
Implemented, in-progress and planned — dated.
- Enterprise Trust Package
Single-URL index of every trust asset.
Security resources
Security resources referenced from the Blueprint
- Security
Security model and data-handling posture.
- Data handling
Retention model in detail.
- Subprocessors
Operational providers and the BYOK boundary.
Architecture resources
Architecture resources referenced from the Blueprint
- Architecture
How the gateway is built end-to-end.
- Data path
Per-hop view of what enters, leaves and is retained.
- BYOK
Implementation reference for bring-your-own-key.
Send one document
Blueprint
FAQ
Frequently asked questions
- What is the Privian Blueprint?
- A single procurement and security review document that describes what reaches the model, what is retained, how BYOK works, which subprocessors are involved, and what Privian explicitly does not do. Available as a PDF and as a web version at /blueprint.
- Is the Blueprint Guide a replacement for the Blueprint?
- No. The Blueprint remains canonical — this page explains how to use it. Reviewers who want the full reference should read /blueprint or download the PDF at /Privian-Blueprint.pdf.
- Which sections does the Blueprint cover?
- Executive summary, clean data path, what reaches the model, retention model, BYOK, subprocessors, security review questions and limitations & trust boundaries.
- How do founders use the Blueprint during a sales cycle?
- Attach it once when procurement opens a security review. It answers most standard questions without a back-and-forth, and it makes explicit what is and is not in scope so reviewers can focus quickly.
- How do security teams use it?
- As a per-hop data-path reference and a retention statement. The Blueprint maps directly to the questions in a standard AI vendor security questionnaire.
- How do procurement teams use it?
- As the trust-and-contract anchor. Combined with the DPA overview and the subprocessor list, it covers most procurement gates before an executed agreement.
