Golden Gate Privacy Lab
This read-only lab defines how future Golden Gate runs should be treated before public use exists: public-safe, private, project-internal, or blocked.
Status: planning only. No public runs, payments, private vault, or live privacy automation are enabled.
Simple rule
Public use cannot launch safely unless users know what becomes public and what stays private.
The first public version should be public-safe only. Private mode comes later.
Privacy modes
Public-safe
Who it is for: New public users, free trials, public website/idea audits
User expectation: The user understands the run may be summarized publicly.
Public ledger: Can show query title, run type, status, summary, timestamp, and hash.
Private vault: Not required for first launch.
Allowed at first launch: YES
Warning: Do not enter private, sensitive, legal, medical, financial, confidential, or personally identifying information.
Private
Who it is for: Future paying users who need privacy
User expectation: The user expects the prompt and answer not to be public.
Public ledger: Shows redacted metadata only: Private Run, timestamp, status, hash, and maybe run type.
Private vault: Required before launch.
Allowed at first launch: NO
Warning: Private mode cannot launch until redaction, user accounts, private storage, deletion rules, and terms are seated.
Project
Who it is for: Ray/admin Golden Bridge project work
User expectation: Internal project continuity and governance memory.
Public ledger: May show project-run metadata depending on Ray’s chosen visibility.
Private vault: Optional; current prototype uses project ledger flow.
Allowed at first launch: RAY/ADMIN ONLY
Warning: Project mode is not the default for outside public users.
Blocked / Sensitive
Who it is for: Users entering prohibited or high-risk private content in the wrong mode
User expectation: The system should stop or warn before processing.
Public ledger: No public body should be created from blocked sensitive content.
Private vault: Not applicable unless a future safe/private route exists.
Allowed at first launch: NO
Warning: The run should be blocked, redirected, or require a safer mode before any provider call.
Ledger visibility matrix
The ledger can preserve continuity without exposing private content. Hashes, timestamps, and redacted metadata can remain public while full private bodies stay hidden.
Run ID
Public-safe mode: Visible
Private mode: Visible
Needed for continuity and support.
Timestamp
Public-safe mode: Visible
Private mode: Visible
Useful for ledger ordering.
User prompt / query
Public-safe mode: Visible only if user accepts public mode
Private mode: Redacted
Most important privacy gate.
Final answer
Public-safe mode: May be summarized or visible
Private mode: Redacted or private-only
Do not expose private answers publicly.
Run type
Public-safe mode: Visible
Private mode: Visible or generalized
Example: Website Audit, Quick Check, Falsifier.
Provider list
Public-safe mode: Visible
Private mode: Visible or generalized
Does not expose keys.
Provider raw outputs
Public-safe mode: Usually hidden or summarized
Private mode: Private-only
Raw model output can leak private content.
Entry hash
Public-safe mode: Visible
Private mode: Visible
Hash continuity can remain public without exposing content.
Payment or credit data
Public-safe mode: Never public
Private mode: Never public
Only safe receipts or accounting records should exist privately.
Blocked or sensitive content examples
These examples should not enter free public-safe mode. The future system should warn, block, or route them to a safer private mode only after the private system exists.
- Personal medical details
- Legal disputes requiring private advice
- Financial account details
- Passwords, API keys, seed phrases, private keys, or login codes
- Confidential business documents
- Private personal relationship details
- Government ID numbers or highly identifying records
- Private customer/client data
First-launch privacy rule
The safest first public body is:
- 3 free public-safe Quick Checks
- no private questions
- no sensitive data
- no uploads
- visible warning before run
- public ledger may show safe metadata and summaries
- private mode locked until redaction and private vault exist
Launch rules
- First public launch should allow public-safe runs only.
- Free trials should be public-safe Quick Checks only.
- Private mode should remain locked until private vault and redaction rules exist.
- The public ledger must not expose private prompts or private answers.
- Every public run must show a privacy warning before execution.
- No prompt should be sent to AI providers until the user accepts the selected privacy mode.
- Ledger continuity proves record custody, not claim truth.
- Human / Golden Atlas review remains final authority.
Golden Atlas status
- LOCKED: public users must know whether their run can appear in the public ledger.
- SELECTED: public-safe mode is the first launch body.
- TETHERED: private mode until private vault, redaction, deletion/contact process, and terms are built.
- PARKED: private paid runs, uploads, and sensitive-data workflows.
What this page does not do
- It does not create a private vault.
- It does not activate public use.
- It does not process payments.
- It does not create real Golden Credits.
- It does not change the ledger.
- It does not expose API keys.
- It does not provide legal advice.
Use rule
This page is a privacy design body. Its job is to prevent public-use drift before money, users, private questions, or automated runs are introduced.