AI and Confidentiality: Why Architects Are Right to Be Cautious (And What We Did About It)

Architecture project communication and meeting notes context

This guide focuses on architecture meeting notes, architecture coordination meetings, and tracking design decisions with clear project communication.

Why architects are right to be cautious

A typical project transcript can include more sensitive information than people realize. You will see client names, property addresses, budget numbers, consultant conflicts, contractor disputes, and personal preferences that are nobody else's business. On residential projects, especially private custom homes, discretion is not a bonus feature. It is part of the job.

The concern with AI tools is straightforward. Where does the data go, who can see it, and is it used to train a model. Those are professional questions. They are not panic. Most AI products still do a poor job explaining their data flow in plain language, and that makes people trust them less. I do not blame anyone for being cautious when the explanation is vague.

General tips, even if you never use Datum Notes

If I were advising another architect over coffee, I would say this first, keep your judgment on when to use digital tools. If a meeting includes deeply sensitive details like home security setups, private family situations, or anything that would harm trust if exposed, do not put that detail into a tool you do not fully understand. Use discretion before anything gets pasted anywhere.

I would also say to look at contracts. A lot of standard project agreements do not clearly explain how digital project information is handled. It is worth adding language that covers this. I would also separate two questions that often get mixed together. One question is where a tool stores your project data. Another question is whether that tool sends data to a third party service for processing. Those are different risk profiles. If a company cannot answer those questions clearly, that is a red flag.

How Datum Notes works, the honest version

Here is the plain flow. You paste a transcript into Datum Notes and it is saved in your project database on Supabase. At that point, nothing has been sent to the AI yet. It is just stored in your account like any other project record.

When you run an AI feature, the server checks your project privacy mode first. Depending on the route, Datum Notes may use Google Gemini or Anthropic, but the privacy mode is enforced server side before project text is sent to any external model.

The four modes are simple. Fully Open sends project text as written. Semi Private applies pattern based filtering before AI processing, including emails, phone numbers, URLs, addresses, and common name patterns. Fully Private applies heavier redaction so the AI receives a more abstracted version of the project data. Zero AI blocks external AI processing entirely and routes the feature through a deterministic fallback when one exists.

I want to be clear about limits. The filtering is pattern based. It is useful and it catches common identifying details, but it is not perfect and it is not magic. You still need judgment about what you paste into any system.

Why this matters to me personally

I am not writing this as a detached software founder. I am an architect, and I built Datum Notes because I needed it on my own projects. I have the same confidentiality obligations to my clients that you do. When criticism came in from architects and from Reddit, it was not abstract to me. It was feedback about a tool I personally rely on.

The updates were not a PR exercise. They were product changes that needed to exist. Server side privacy enforcement is in the AI paths, the product now supports four privacy modes including Zero AI, and the public data handling page exists so people can inspect the flow without guessing. Those changes happened because the concern was valid.

Where to learn more

If you want the technical breakdown in plain language, read /how-we-handle-your-data. It explains what is stored, what is transformed, what is sent for AI processing, and what is logged for traceability.