Enterprise FAQ

The questions enterprise buyers actually ask.

Short answer

Before a custom agent touches a real workflow, serious buyers want straight answers on four things: how their data is handled, how human review works in practice, how this differs from the RPA they've already tried, and what ongoing management actually looks like.

Here are direct answers to each — written the way I'd explain them on a scoping call, not a sales deck. If a workflow doesn't justify a custom agent, that's part of the answer too.

Updated June 2026

Data privacy & security

Your data stays yours — access is scoped, logged, and reversible.

Agents are built around least-privilege access. Each integration gets the narrowest scope the workflow needs — read-only where reads are enough, write access only on the specific objects it acts on — using your own credentials, OAuth apps, or service accounts, so access can be revoked from your side at any time.

Your business data is not used to train foundation models. Engagements run on enterprise model endpoints with training-on-input disabled, and where data residency or isolation matters, the agent runs against a model path you approve — including private deployments on infrastructure like Amazon Bedrock, as the Privylaw build does.

  • Least-privilege, per-integration scopes using credentials you own and can revoke.
  • No training on your data; enterprise endpoints with input-retention disabled.
  • Secrets held in a managed secret store, never in code or prompts.
  • Every action the agent takes is logged to an auditable trail you can review.
Human-in-the-loop in practice

Review isn't a checkbox — it's a hold built into the run.

Human review is a real step in the agent's run, not a disclaimer. The agent does the work — ingest, match, reconcile, draft — then pauses on the actions you've defined as consequential and routes them to a person with the full context attached: what it found, what it proposes, and why.

You decide where the hold sits. Low-risk, high-confidence actions can run automatically; anything that moves money, sends external communication, or crosses a confidence threshold waits for an explicit approve, edit, or reject. The reviewer's decision is captured, so the system learns where it can be trusted to act on its own over time.

  • Configurable approval gates by action type, value, or confidence score.
  • Each held item arrives with evidence and a proposed action, ready to approve or edit.
  • Approvals, edits, and rejections are recorded for audit and tuning.
  • Thresholds tighten or loosen as the agent proves itself on your data.
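
An added illustration of the approval gate described above, not code from any sammartin.ai build. The action-type names, the thresholds, and the Gate and ProposedAction classes are hypothetical. It shows the hold failing closed, the read-only shadow phase, and every routing and review decision landing in an audit trail.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Hypothetical policy values for illustration; real gates are set per workflow.
ALWAYS_HOLD = {"payment", "external_email"}  # moves money / leaves the company
LOW_RISK = {"tag_document", "draft_note"}    # only these may ever auto-run
MIN_CONFIDENCE = 0.90
MAX_AUTO_VALUE = 500.00

@dataclass
class ProposedAction:
    action_type: str
    value: float
    confidence: float
    evidence: str  # context shown to the reviewer

@dataclass
class Gate:
    shadow_mode: bool = False  # read-only phase: propose, never execute
    audit_log: list = field(default_factory=list)

    def _log(self, event, action, detail):
        self.audit_log.append({"ts": datetime.now(timezone.utc).isoformat(),
                               "event": event, "action": action.action_type,
                               "detail": detail})

    def route(self, action):
        """Return ("auto" | "hold", reasons). Any reason at all means hold."""
        reasons = []
        if self.shadow_mode:
            reasons.append("shadow mode")
        if action.action_type in ALWAYS_HOLD:
            reasons.append("consequential action type")
        elif action.action_type not in LOW_RISK:
            reasons.append("unlisted action type")  # fail closed
        if not (0 <= action.value <= MAX_AUTO_VALUE):
            reasons.append("value outside auto-approve range")
        # Written so NaN or out-of-range scores also fail the check.
        if not (MIN_CONFIDENCE <= action.confidence <= 1.0):
            reasons.append("confidence below threshold or invalid")
        decision = "hold" if reasons else "auto"
        self._log(decision, action, reasons)
        return decision, reasons

    def review(self, action, reviewer, verdict):
        """Record the human decision; only approve/edit release the action."""
        if verdict not in {"approve", "edit", "reject"}:
            raise ValueError(f"unknown verdict: {verdict!r}")
        self._log("review", action, {"reviewer": reviewer, "verdict": verdict})
        return verdict != "reject"
```

The auto path is an allowlist: an action type the policy has never seen is held rather than run, so a new agent capability cannot bypass review by default.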
How this differs from RPA

RPA replays clicks. An agent reasons over the work.

Traditional RPA records a fixed sequence of steps against a specific UI. It's fast on rigid, unchanging processes — and brittle the moment a screen changes, a document is laid out differently, or an exception appears that wasn't scripted. The hard 20% (the exceptions) still lands on your team.

A custom agent works from the goal, not the keystrokes. It reads unstructured inputs, reconciles across systems via APIs rather than screen-scraping, handles cases it hasn't seen before, and escalates genuine ambiguity to a human instead of failing silently. That's why it holds up on document-heavy review and multi-system reconciliation where RPA stalls.

Ongoing management & monitoring

It's a managed system, not a handoff.

A custom agent isn't a project that ends at delivery — it's a system that runs in production and is managed monthly. Every run is monitored: throughput, error rates, the share of items auto-handled versus escalated, and any drift in how upstream systems behave. When something looks off, it surfaces before it becomes a problem.

Builds ship with the operational backing to keep them reliable — runbooks for known failure modes, a smoke-test suite that guards each change, and alerting on the metrics that matter. As your business changes — new edge cases, new systems, new rules — the agent is tuned to match, with each change verified before it goes live.

  • Monitoring on throughput, error rate, and auto-handled vs. escalated ratio.
  • Runbooks and a smoke-test suite so changes are verified, not hoped.
  • Alerting on failures and upstream drift before they reach your team.
  • Monthly tuning as workflows, systems, and exceptions evolve.
Side by side

Custom AI agent vs. traditional RPA

Both automate work. They diverge the moment the work stops being perfectly repetitive — which, for high-value enterprise workflows, is most of the time.

Criteria | Traditional RPA | Custom agent (sammartin.ai)
How it operates | Replays recorded UI clicks and fixed steps | Reasons toward a goal over your data and rules
Unstructured input | Needs rigid, predictable formats | Reads documents, emails, and varied layouts
System integration | Screen-scrapes the UI, breaks on UI changes | Connects via APIs across the tools involved
Edge cases & exceptions | Fails or kicks them back to your team | Handles them, or escalates with full context
Human review | Bolted on after the fact, if at all | A built-in approval hold on consequential actions
Maintenance | Re-record scripts when anything shifts | Monitored and tuned monthly as a managed system

FAQ

Related questions

Where does the agent run, and who hosts it?
Engagements run on infrastructure you approve during scoping — your cloud account, a dedicated environment, or a managed deployment, depending on your data-residency and isolation requirements. Privylaw, for instance, runs on a private model path on Amazon Bedrock. The hosting decision is made before any build work starts.
Can the agent operate entirely read-only at first?
Yes, and that's often how we start. A shadow or read-only phase lets the agent observe and propose actions without executing them, so you can verify its judgment against real cases before any write access or autonomous action is granted.
What happens to our data when an engagement ends?
Access is revoked from your side, credentials are rotated, and any working data is deleted per the terms we agree up front. Because the agent uses your own credentials and infrastructure, offboarding is a matter of turning access off — there's no vendor lock holding your data hostage.
How do you handle compliance and audit requirements?
Auditability is a build requirement, not an afterthought. Every action the agent takes — and every human approval, edit, or rejection — is logged with context, so you have a complete, reviewable trail for internal audit, compliance, or incident review.
What if the agent makes a mistake in production?
Consequential actions sit behind a human approval gate, so most mistakes are caught before they take effect. For anything that does slip, monitoring and alerting surface it quickly, the audit trail shows exactly what happened, and the runbooks define the fix. The smoke-test suite then guards against the same failure recurring.
Do you work with our existing security and IT teams?
Yes. Scoping includes your security stakeholders — access reviews, credential provisioning, and deployment sign-off all run through your team. The goal is an agent your IT and security functions are comfortable owning, not a black box dropped over the wall.
How long until a custom agent is live?
Most builds run four to six weeks from scoping to a hardened, in-production agent — Privylaw was six weeks, Five Star Quotes eight days for a tighter scope. Timeline depends on the number of systems involved and the depth of review and edge-case handling required.
What does ongoing management cost?
Engagements start with a fixed scoping fee, a fixed-scope build, then a monthly management retainer covering monitoring, tuning, and changes as your workflow evolves. The monthly figure is set against the scope of what's being managed and agreed before the build begins.
Who's behind the answer
Sam Martin

AI Scientist & Engineer

I'm Sam — an AI researcher and engineer with nearly a decade of hands-on machine learning in high-stakes settings. I co-invented Random Contrast Learning at Lumina AI and have applied ML to quantitative trading, cancer detection, and threat-detection systems used in federal and state environments.

sammartin.ai is a working agency, not a marketplace of contractors. I scope every engagement personally, build the agent with review loops and monitoring, and stay on to manage it as your business changes. If AI isn't worth it for a workflow, I'll tell you that before you spend anything.

Have a workflow with real privacy, review, and reliability stakes? Let's scope it.
