Trust as Architecture
How customer data moves, where it lives, who can touch it, and how integration earns its way forward.
Master Data Architecture v1.0 · May 2026 · Customer-presentable
The Promise
Only authorized systems and approved client-side users access the minimum data needed for the function. Every access path is scoped, encrypted, masked where masking applies, and auditable. NxI staff do not browse customer data. Model providers do not train on it. Every high-impact action requires human approval before it executes.
Delivered by architecture, not by policy.
Covenant
Three-state authority gating
Autonomous
Reads, drafts, recommendations. System executes without approval.
Human-in-the-loop
Drafts written by AI. Humans approve before execution. Default for any writeback.
Irreversible
Blocked. The system never executes. Payment, payroll, vendor contracts, record deletion.
Deployment Models
Three deployment models. One architecture. The customer chooses where the boundary sits.
Model A · Customer Cloud
Inside the customer's cloud account. Customer owns keys, policies, network, audit. Default recommendation for sensitive operators, healthcare, defense.
Model B · Private Tenant
NxI-hosted, tenant-isolated. Bring-your-own-key encryption. Per-customer logical and cryptographic isolation. No shared databases.
Model C · Hybrid Edge
Raw ingestion, redaction, aggregation inside the customer's network. Only approved features cross the boundary. AI never sees raw records.
In every model, the customer can shut NxI off without a migration.
Pilot Phasing
Engagements move through stages. Each stage expands access only after the prior stage clears.
Discovery
System inventory, data classification, integration plan. No credentials required.
Sanitized POC
Masked or synthetic values. Architecture demonstrated end-to-end.
Read-only Live
Dedicated service accounts, minimum scopes, encrypted storage. No writeback.
AI Recommendations
Live data, derived outputs only. No actions in customer systems.
Drafts
AI generates drafts of high-impact artifacts. Humans approve.
Controlled Writeback
Approved drafts execute through customer-system APIs under Covenant gating.
Handshake to first writeback: 60 to 120 days. Pace is set by the customer.
Data Minimization
Customers authorize fields, not databases.
| Data class | Default posture | Treatment |
|---|---|---|
| Operational data (sales, inventory, vendor lists, POs) | Ingested at the aggregation level the function requires | Encrypted, scoped by location and region |
| Pricing, recipes, vendor terms, contracts | Ingested when the function requires | Confidential IP. Field-level encryption. Smallest-set access. |
| Cardholder data | Never ingested | Out of PCI scope by design |
| Customer PII (guest names, contact info) | Not ingested unless the function requires it and the customer authorizes | Encrypted, masked, function-scoped |
| Employee PII (SSN, bank, biometrics) | Not ingested | Role and hour aggregates suffice for labor functions |
| Free-text notes, surveillance, biometrics | Not ingested by default | Often contains private content the customer did not intend to share |
Action Gating
Every action classified by risk. Gated accordingly.
| Action | Risk | Rule |
|---|---|---|
| Forecast, flag variance, recommend par changes, draft PO, suggest transfers, rank vendors, detect waste, create exception reports | Low / Medium | AI executes autonomously. Recommendations and drafts only. |
| Submit purchase order, approve invoice, change par level, change schedule | High | Human approval required before execution |
| Change vendor price, change menu price, change recipe | High | Human approval required. Logged with reason. |
| Post accounting entry, modify payroll, alter tax or payment settings, delete records | Irreversible | Blocked. AI never executes. |
Access Control
Zero standing access. Authority granted by role, scoped by function, revocable by the customer.
| Actor | Default access | Raw data | Notes |
|---|---|---|---|
| Customer executive sponsor | Reports, dashboards | Limited | Based on customer role policy |
| Customer security / admin | Audit logs, access policies | Yes, if authorized | Customer's data, customer's control |
| Store / location manager | Operational outputs | Location-scoped only | No broad raw access |
| NxI support | Health metrics, redacted logs | No | No raw payloads ever |
| NxI engineering | Code, infrastructure | No | No production data by default |
| AI model | Minimum scoped context | No full database | Retrieval-limited |
| Model provider | Inference window only | No training | Data-processing terms required |
| Break-glass responder | Temporary, approved | Possible | Time-limited, logged, customer-notified |
Operating Disciplines
Support blind by default
Support sees system health, connector status, redacted error categories. Support does not see raw payloads, business data, vendor pricing, recipes, employee data, or credentials. Tickets, Slack channels, and email never contain raw customer data.
No production browsing
Engineers do not browse production. Production data is not copied into development. Customer screenshots are not shared. Break-glass access requires a ticket, customer approval, a time limit, and a post-access review.
Metadata, not secrets
Logs contain Job ID, connector ID, store ID, timestamp, record count, error category, schema version, latency, service account ID. Logs do not contain invoice line items, vendor pricing, recipe ingredients, employee names, guest data, secrets, or full model responses with sensitive values.
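As an added example that is not part of the original page or NxI's own code, the following Python gate applies the three Covenant tiers from the Action Gating table and builds an audit entry that carries only the allowlisted metadata fields listed above. The action labels, the sample job metadata, the `latency_ms` key name and the `approver` field are assumptions made for the illustration.

```python
from enum import Enum

class Tier(Enum):
    AUTONOMOUS = "autonomous"            # reads, drafts, recommendations
    HUMAN_IN_LOOP = "human_in_the_loop"  # runs only after a human approves
    IRREVERSIBLE = "irreversible"        # never runs

# Illustrative action labels (assumed) for the rows of the Action Gating table.
ACTION_TIERS = {
    "forecast": Tier.AUTONOMOUS, "draft_po": Tier.AUTONOMOUS,
    "submit_po": Tier.HUMAN_IN_LOOP, "approve_invoice": Tier.HUMAN_IN_LOOP,
    "change_par_level": Tier.HUMAN_IN_LOOP, "change_schedule": Tier.HUMAN_IN_LOOP,
    "change_vendor_price": Tier.HUMAN_IN_LOOP, "change_menu_price": Tier.HUMAN_IN_LOOP,
    "change_recipe": Tier.HUMAN_IN_LOOP,
    "post_accounting_entry": Tier.IRREVERSIBLE, "modify_payroll": Tier.IRREVERSIBLE,
    "alter_payment_settings": Tier.IRREVERSIBLE, "delete_records": Tier.IRREVERSIBLE,
}
# Price and recipe changes are "logged with reason": the approval must carry one.
REASON_REQUIRED = {"change_vendor_price", "change_menu_price", "change_recipe"}
# Allowlist of audit-log keys, from the "Metadata, not secrets" discipline.
LOG_FIELDS = {"job_id", "connector_id", "store_id", "timestamp", "record_count",
              "error_category", "schema_version", "latency_ms", "service_account_id"}
# Constructed sample job metadata; "vendor_price" is a stray field that must not reach the log.
SAMPLE_METADATA = {"job_id": "job-7f3", "connector_id": "pos-main", "store_id": "store-042",
                   "timestamp": "2026-05-01T09:00:00Z", "record_count": 128,
                   "schema_version": "3", "latency_ms": 412, "vendor_price": 4.25}

def gate(action, metadata, approval=None):
    """Return (decision, audit_entry). `approval` is an optional human record like
    {"approver": ..., "reason": ...}; the action payload is never passed in here."""
    tier = ACTION_TIERS.get(action)
    if tier is None:                       # unlisted action: fail closed
        tier, decision = Tier.IRREVERSIBLE, "blocked_unknown_action"
    elif tier is Tier.IRREVERSIBLE:
        decision = "blocked"
    elif tier is Tier.AUTONOMOUS:
        decision = "executed"
    elif not (approval and approval.get("approver")):
        decision = "pending_approval"
    elif action in REASON_REQUIRED and not approval.get("reason"):
        decision = "pending_reason"
    else:
        decision = "executed"
    # Drop every metadata key that is not allowlisted instead of logging it.
    entry = {k: v for k, v in metadata.items() if k in LOG_FIELDS}
    entry.update(action=action, tier=tier.value, decision=decision)
    if decision == "executed" and approval:
        entry.update(approver=approval["approver"], reason=approval.get("reason"))
    return decision, entry
```

The executor that actually calls the customer-system API should run only when `gate` returns `"executed"`; the entry is what gets written to the log, and the payload never touches it.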
The AI should never need broad raw-data access when a scoped, masked, purpose-built data view will do.
Forge is the engine. Covenant is the gate. The Agentic Table is the instrument. The whole platform is the NxI Ecosystem.