Coming soon Digital Results Pros is preparing to staff AI specialists. Join the founding waitlist.

Join waitlist →

← Privacy notice · Security

Architecture · education

Where your data goes when an agent works

Privacy is not one switch. It depends on where models run, who operates the metal, and whether voice audio ever leaves your environment. This guide explains the tradeoffs — for buyers evaluating DRP and for our own deployment design.

Last updated · Pre-launch guidance (not a live SLA)

Status: Digital Results Pros is not yet operational. The patterns below are how we think about staffing privacy at launch — not a guarantee of every deployment option on day one. Founding customers will choose a processing tier in the pilot SOW.

Compute location

Who runs the GPU/CPU that sees prompts, documents, and tool results — you, a hoster, or a multi-tenant AI API.

Data path

What leaves your network: nothing, ciphertext only, text prompts, or raw audio streams and recordings.

Contractual layer

DPAs, no-training clauses, retention, region, and subprocessors. Technical isolation and legal terms both matter.

Processing tiers

Same agent job (expense clerk, EA, support) can be delivered on very different privacy postures. Cost and model quality usually move the other way from isolation.

All local (customer premises)

Models and tools run on hardware you control in your building or private rack.

Highest isolation

Compute

Your servers / workstations / on-prem GPU

Data egress

Typically no — prompts, documents, and audio stay on your network (except tools you connect outward).

Who can access

Your admins, your physical security; DRP only if you grant remote ops access.

Voice on this tier

STT/TTS can run fully on-box (e.g. local Whisper + local vocoder). No audio to third-party voice APIs unless you enable them.

Cost: high Ops burden: high Best for: Air-gapped, regulated, or “data never leaves the building” mandates.

Rented VPS / bare metal / GPU host

Dedicated or single-tenant machines you rent (Hetzner, OVH, CoreWeave, Lambda, etc.).

High isolation

Compute

Provider data center; often single-tenant VM or bare metal you administer

Data egress

Leaves your office, but can stay inside an environment you encrypt and administer — not a multi-tenant LLM SaaS by default.

Who can access

You (root/SSH); the host has physical/facility access. Legal process and host support can matter. DRP if contracted to operate the box.

Voice on this tier

Same stack as local: self-host STT/TTS on the rented GPU. Or point only non-sensitive channels at cloud voice APIs.

Cost: medium-high Ops burden: medium Best for: Strong isolation without owning hardware; EU/US region choice; cost control vs hyperscale.

Private cloud VPC (AWS / Azure / GCP)

Your account, your VPC, your keys — still on a hyperscaler’s substrate.

High isolation

Compute

Cloud VMs / Kubernetes / managed GPUs in a region you pick

Data egress

Data is in the cloud provider’s facilities under your account boundary. Not the same as sending every prompt to a public AI API.

Who can access

Your IAM principals; cloud provider under their access policies and legal process; auditors you authorize.

Voice on this tier

Self-host voice in the VPC, or use region-locked managed speech APIs with DPAs. Recordings in your buckets with retention rules.

Cost: medium Ops burden: medium Best for: Enterprise IT that already lives in AWS/Azure/GCP and wants network controls + IAM.

Public model / voice APIs

OpenAI, Anthropic, Google, Deepgram, ElevenLabs, Bedrock “API mode”, etc.

Shared infrastructure

Compute

Provider multi-tenant inference infrastructure

Data egress

Yes — prompts, tool I/O, and often audio bytes are sent to the provider for each request (subject to their retention and training policies).

Who can access

Provider operations under their terms; subprocessors; possible human review for abuse. Mitigate with zero-retention / enterprise contracts where offered.

Voice on this tier

Cloud STT/TTS is common and high quality, but audio is biometric-adjacent sensitive data. Prefer short retention, no training, and region selection.

Cost: lower Ops burden: lower Best for: Speed to value, best models, non-sensitive workflows, or when enterprise DPA + no-train terms are acceptable.

Hybrid (recommended default for many buyers)

Route by sensitivity: local/VPC for secrets; cloud APIs for low-risk bulk craft.

Configurable

Compute

Mix of customer/VPC compute and approved cloud APIs

Data egress

Only for classes of work you explicitly allow to leave (e.g. public web research, non-PII drafting).

Who can access

Depends on path — documented per workflow in the playbook.

Voice on this tier

e.g. internal HR voice on local STT; marketing voiceover via cloud TTS; or cloud STT with redaction before any LLM.

Cost: medium Ops burden: medium Best for: Real companies with mixed data: admin + support + public content.

At a glance

TierIsolationTypical costOpsLive voice default
All local (customer premises)Highest isolationhighhighCan be fully self-hosted
Rented VPS / bare metal / GPU hostHigh isolationmedium-highmediumCan be fully self-hosted
Private cloud VPC (AWS / Azure / GCP)High isolationmediummediumCan be fully self-hosted
Public model / voice APIsShared infrastructurelowerlowerOften cloud STT/TTS
Hybrid (recommended default for many buyers)ConfigurablemediummediumPer-channel choice

Voice agents: local, hybrid, or cloud

Voice adds audio as a data type — often more sensitive than text alone (identity, ambient sound, emotional content). An agent can still be “voice-native” in product terms while you choose different privacy paths for speech-to-text, reasoning, and text-to-speech.

Fully local voice

On-prem or rented GPU

Path: Mic/call audio → local STT → local LLM → local TTS → speaker/phone

Audio and transcripts need not leave your network. Highest control; more ops and hardware cost; quality depends on models you host.

VPC-hosted voice

Your cloud account

Path: Audio → STT/TTS containers or private endpoints in your VPC → your stores

Similar control profile to rented GPU, with cloud IAM, encryption, and region locks. Provider still operates the building.

Cloud speech APIs + private LLM

Split path

Path: Audio → Deepgram/Whisper API/etc. → text only into your VPC LLM

Audio hits a speech vendor; text may stay private afterward. Reduce risk with no-store contracts, short retention, and redaction.

Cloud speech + cloud LLM

All SaaS

Path: Audio and text both to third-party APIs

Fastest to ship. Strongest need for DPA, no-training flags, retention limits, and careful channel choice (don’t put secrets on the call).

Text-only agent (no live voice)

Any compute tier

Path: No real-time audio; optional pre-rendered samples for marketing only

Removes live biometric-adjacent capture. Many admin jobs (docs, expenses, CRM) never need a microphone.

What we treat as high-risk in voice

  • Long-term storage of call recordings without need
  • Cloud STT without retention / training controls
  • Sending full audio to an LLM when transcripts would do
  • Screening or HR interviews without clear notice

Practical defaults we like

  • Prefer transcript retention over raw audio when possible
  • Redact before logs leave the secure boundary
  • Human approval before external send on VIP channels
  • Admin jobs default to text — voice optional, not required

Match data class to tier

Don’t buy “maximum privacy” for every workflow. Buy isolation for the data that needs it.

Public / low sensitivity

Examples: Public web pages, published help docs, marketing copy

Cloud APIs usually fine; still avoid training-on-your-data if you care about IP.

Business confidential

Examples: Internal SOPs, non-public pricing, pipeline notes

Prefer VPC or rented GPU; if using APIs, enterprise no-retention / no-train terms.

Personal data (PII)

Examples: Names, emails, HR files, customer tickets

Minimize collection; encrypt at rest; short retention; know the subprocessors; legal basis if GDPR applies.

Regulated / special category

Examples: Health, biometrics, financial account numbers, children’s data

Default to local/VPC, strict access logs, counsel review. Live voice may be restricted or require consent.

Secrets & credentials

Examples: API keys, passwords, bank change forms

Never put in prompts if avoidable; vault + human approval; no public LLM APIs for secret material.

Common misconceptions

“Cloud always means our data trains the model.”

Many enterprise APIs offer no-training / zero-retention options. Still: data is processed on shared infrastructure — read the DPA and product terms, and prefer regional endpoints.

“Rented GPU is as private as air-gapped on-prem.”

You gain admin control of the OS and stack, but the host has physical access and legal process exposure. Encrypt disks, lock SSH, and know the jurisdiction of the rack.

“Local models can’t leak.”

Local models still write logs, connect to SaaS tools (email, CRM), and can be exfiltrated by misconfiguration or malware. Boundary design includes tools and humans, not just the weights.

“Voice is just another chat.”

Audio can reveal identity and environment. Treat live voice as a separate data path with its own retention and vendor choices.

How this shows up at DRP

  • Explicit tier in the engagement — local, rented GPU/VPS, private cloud, API, or hybrid — written into the pilot/SOW, not hidden in fine print.
  • Voice is optional and configurable — many admin roles never need a mic; when they do, STT/TTS path is chosen deliberately.
  • No surprise training — customer content is not used to train third-party foundation models without explicit opt-in (see also our privacy notice).
  • Subprocessors listed at launch — when operational, we will publish providers for hosting, email, and any cloud AI we actually use per tier.

This page is educational product guidance, not legal advice, not a DPA, and not a certification. Regulated workloads need counsel and a written processing agreement when services go live. Questions: ds@digitalresultspros.com.