HeadsDown

HEADSDOWN TRUST

AI data use

HeadsDown learns from outcomes, not your code. The live agent-run event path is designed around structured metadata, and the routing-decision API spec follows the same privacy boundary when it ships.

Draft trust page

This trust page is counsel-ready draft content, not a final published policy. It must stay draft-labeled until legal, security, product, subprocessor, and cookie/analytics reviews are complete.

The privacy boundary described here applies to implemented metadata-only agent-run event and outcome-reporting surfaces, and to the routing-decision API boundary when it ships. Older or user-entered product surfaces may store text deliberately submitted through those surfaces.

Prior versions are archived manually in source control before publication changes, following `docs/legal/archive/README.md`.

Draft version: 0.1
Effective date: Pending counsel review
Last updated: May 2, 2026

What the metadata path stores

For agent-run events, HeadsDown stores bounded facts that help explain what happened and whether the call worked. Those facts are categories, counts, buckets, booleans, timestamps, opaque identifiers, call keys, action keys, reason codes, validation status, and outcome metadata.

Run and client metadata: Event type, schema version, run id, source, client kind/name/version, actor kind, `metadata_only` privacy mode, and idempotency key.

Task and progress metadata: Task category, task size bucket, elapsed seconds, tool-call counts, file-count buckets, validation level, validation status, retry count, scope-changed flag, and progress state.

Calls, actions, and outcomes: HeadsDown call keys, action keys, reason codes, queue/continuation identifiers, deferred-decision categories, outcome keys, feedback keys, and value-evidence references.

Validation boundary

The live agent-run event path accepts a documented event schema and `metadata_only` privacy mode. It rejects unsupported event fields and unsafe string values before storage, records privacy-safe rejection metadata, and does not store rejected payload contents. The broader routing-decision endpoint is still in development and is expected to inherit the same metadata-only shape when it ships.
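A sketch of the reject-before-storage pattern described above, added here as an illustration and not HeadsDown's code. The field names, the token pattern used to decide what counts as an unsafe string, and the reason codes are all assumptions.

```python
import re

# Hypothetical allow-list (field name -> validator). Names are assumptions
# modelled on the categories this page lists, not HeadsDown's real schema.
TOKEN = re.compile(r"[A-Za-z0-9_.:-]{1,64}")  # short opaque keys, no spaces or "/"

def token(v):
    return isinstance(v, str) and TOKEN.fullmatch(v) is not None

def count(v):
    return isinstance(v, int) and not isinstance(v, bool) and 0 <= v <= 100_000

ALLOWED = {
    "event_type": token,
    "schema_version": token,
    "run_id": token,
    "privacy_mode": lambda v: v == "metadata_only",
    "idempotency_key": token,
    "task_category": token,
    "tool_call_count": count,
    "scope_changed": lambda v: isinstance(v, bool),
}
REQUIRED = ("event_type", "schema_version", "run_id", "privacy_mode")

def validate_event(payload):
    """Return (event, None) if accepted, else (None, rejection_metadata).

    Rejection metadata carries reason codes, counts and allow-listed field
    names only. Rejected values and unknown key names are never copied."""
    if not isinstance(payload, dict):
        return None, {"accepted": False, "reasons": ["not_an_object"]}
    unknown = [k for k in payload if k not in ALLOWED]
    invalid = sorted(k for k, v in payload.items()
                     if k in ALLOWED and not ALLOWED[k](v))
    missing = [k for k in REQUIRED if k not in payload]
    reasons = [code for code, hit in (("unsupported_field", unknown),
                                      ("unsafe_or_invalid_value", invalid),
                                      ("missing_required_field", missing)) if hit]
    if reasons:  # fail closed: one bad field rejects the whole event
        return None, {"accepted": False, "reasons": reasons,
                      "unsupported_field_count": len(unknown),
                      "invalid_fields": invalid, "missing_fields": missing}
    return dict(payload), None

if __name__ == "__main__":
    # Constructed sample: a path-like value and a free-text field.
    bad = {"event_type": "run.completed", "run_id": "src/app/main.py", "notes": "x"}
    print(validate_event(bad)[1])
```

The token pattern constrains only the shape of a string, so a per-field enumeration of permitted keys is the tighter check wherever the set of values is known in advance.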

Live today

Agent-run event submission with `metadata_only` privacy mode, structured payload validation, privacy-safe rejection metadata, and calibration/outcome substrate.

In development

The public routing-decision endpoint, partner OAuth details, metering, developer dashboard, and public docs site.

Not claimed here

No claim that HeadsDown receives prompts, code, paths, logs, messages, or conversation content to make agent-run calls.