The Core Principle
When a user triggers an AI action in your app, the system needs to answer two questions:- Who is making this request? (identity)
- What are they trying to do? (intent)
How It Works
User Intent Signature (UIS)
A UIS is a SHA-256 hash computed from:- Semantic tags — behavioural keywords (e.g.
commerce,cloud-infra,wellness) - Intent class — one of:
commerce,infrastructure,wellness,finance,education,social,other - TTL — expiry window for replay attack prevention
What Gets Stored
| Data | Stored? | Where |
|---|---|---|
| User name / email | ❌ Never | — |
| User ID | ❌ Never | — |
| IP address | ❌ Never | — |
| Semantic tags | ✅ In-flight only | Memory, not disk |
| Intent hash | ✅ In-flight only | Verified and discarded |
| Shield verdict | ✅ | Audit log (anonymised) |
Compliance Implications
Because no PII crosses the boundary:- GDPR — no personal data processed by Citadel → no DPA needed
- India DPDP Act — no “personal data” as defined in Section 2(t) touches Citadel
- HIPAA — no PHI transmitted → Citadel can be used in healthcare AI pipelines
- SOC 2 — audit trail on every verification without storing user identity