Posts Archive
Technical and litigation notes
Chatbot Appointment Setting — Consumer Rights
An appointment set by an AI chatbot is a representation made on behalf of the business. Whether it creates a binding contract, what disclosure is required, and what cancellation rights the consumer holds depends on the jurisdiction, the nature of the appointment, and the clarity of the chatbot's authority.
Data Privacy & GDPRLocal LLM vs Cloud LLM — The Privacy Tradeoff
Choosing Ollama over a cloud LLM API means conversation data never transits a third-party network. For a platform handling sensitive business conversations — sales negotiations, legal matters, HR discussions — this is a significant data protection advantage. But local inference is not a privacy guarantee by itself.
Data Privacy & GDPRRAG Systems and Copyright
A RAG pipeline ingests documents, chunks them, and stores vector embeddings permanently. Three legal questions arise: who owns the copyright in the ingested content, what happens when the retrieval reproduces copyrighted text verbatim, and what does a GDPR erasure request require when the "data" is a vector embedding?
Security & ComplianceDynamic System Prompts and Prompt Injection
Dynamic system prompt construction is powerful and dangerous. A client who embeds injection instructions in an agent mode fragment can cause the LLM to ignore all other instructions, reveal the system prompt, or produce outputs designed to harm their own users.
AI Governance & RegulationMulti-Tenant AI — Who Is Responsible for What the Bot Says?
A multi-tenant AI platform creates a three-party relationship: the platform (which controls the LLM and infrastructure), the client (which configures the bot's persona and modes), and the end-user (who interacts with it). When the bot says something harmful, legally inaccurate, or discriminatory — who is responsible?