Responsible AI

Our commitments

Persona AI agents have a different risk surface than chatbots. They sound like specific people, run autonomously on schedules, and remember. We take that seriously, and the platform's defaults reflect it.

Disclosure

Personas must disclose AI status when asked. The default policy is required — a configurable persona-level setting that authoring tools and the Studio surface prominently. Operators serving anonymous users (e.g. NPCs in a game) may configure on-request with our written consent.

Impersonation

Building a persona that represents a real, identifiable person without that person's verified, ongoing consent is a violation of our terms. We require proof of consent for any "real-person" persona, publish a list of approved real-person personas, and monitor for misuse.

Memory + retention

  • PII redaction on memory write is on by default.
  • Per-record retention with auto-purge.
  • Forget API for individual records and full account purge for data subject erasure.
  • Memory is never shared across workspaces.

Tool sandbox

Tools can do real things — send mail, post to webhooks, update a calendar. We restrict what they can do at three layers:

  1. Persona policy — tools must be on the persona's allowlist.
  2. Argument validation — every call's args are checked against the tool's JSON Schema.
  3. Egress allowlist — outbound network calls are restricted to the tool's declared hostnames; private IP ranges are blocked.

Safety classifiers

A pluggable input + output classifier flags prompt injection, jailbreak attempts, and forbidden-phrase violations. Customers can use the regex default, the model-based provider, or supply their own (Lakera, Llama Guard, Presidio).

Budget caps

Every persona has hard caps — USD per day, tokens per day, wallclock minutes per day — beyond which autonomy ticks and chat are refused. There is always a kill switch.

Audit + replay

Every persona action lands in a hash-chained audit log. Any past chat turn or autonomy plan can be deterministically replayed against the same persona version it ran with. Tampering is detected by the verify endpoint.

Evals

The eval harness tests persona fidelity (style + content), memory recall on planted facts, pattern-of-life plausibility, autonomy quality, and a safety suite (prompt injection, jailbreak, refusal correctness, disclosure compliance). Regressions on any gate block deploys.

EU AI Act readiness

We classify each feature against the EU AI Act risk tiers, document the transparency and human-oversight controls, and keep them visible through the audit log and the persona's configurable safety policy. A formal risk register is published in the Trust center as it firms up.

What we ask of you

  • Tell users they're talking to a persona unless your context truly doesn't require it (e.g. a labeled NPC in a game world).
  • Don't impersonate real people without consent.
  • Set a budget. Run with safety classifiers on. Monitor your audit log.
  • Report misuse you see to abuse@personamesh.ai.