PrivacyNo Direct PIISynthetic Examples
Privacy-minimized review posture
The review build is designed to separate identity linkage from application processing and to limit downstream storage to embeddings plus constrained metadata tied to pseudonymous learner UUIDs.
Review Section
Privacy posture
The review build emphasizes data minimization and separation of identity linkage from application-facing records.
- Posture 1
- Review-facing environment with privacy-minimized data handling.
- Posture 2
- Pseudonymous internal identity model based on learner UUIDs.
Review Section
Not stored in the review build
The following categories are intentionally excluded from this frontend review phase.
- Student names
- Email addresses
- SIS identifiers
- Raw discussion text
- Raw assignment text
- File uploads
- Long-term raw launch tokens
Review Section
May be stored
These fields represent the persistent downstream-safe representation used for application processing and review.
- Learner UUID
- Event type
- Timestamp
- Fixed-length embedding
- Model version
- Provenance tag
- Allowed-use tag
Review Section
Identity separation
Identity linkage remains restricted so downstream records can remain limited to embeddings plus constrained metadata tied to pseudonymous learner UUIDs.
- Separation 1
- Platform identity linkage is stored in a restricted private mapping table.
- Separation 2
- Downstream records use learner UUIDs, embeddings, and constrained metadata rather than direct identifiers.
- Separation 3
- UI examples remain synthetic for review.
Identity linkage remains separated through a restricted mapping table, while only embeddings and constrained metadata exit the secure preprocessing boundary for downstream use.