Client Data and Asset Boundaries
AI Privacy Rule
Keep sensitive information out of general AI prompts, including names, family details, email addresses, phone numbers, account data, customer records, employee files, financial records, legal documents, medical information, and confidential business details. Use placeholders, redacted examples, or approved systems when needed, and keep human review before important actions. AI Privacy Rules
What Client Data Should Never Enter a Public AI Tool
Creative agencies hold a significant volume of client-sensitive information: unreleased campaign assets and brand materials, NDA-protected strategic plans, staging credentials and platform access details, private budget figures, competitor research commissioned by clients, and personal data about client employees or customers. None of this belongs in a public AI platform. The data boundaries you set before starting any AI workflow are the most important governance decision you make for each client relationship.
Build a Per-Client Prohibited Data List
Establish a written list of prohibited data categories for each client at the start of the engagement. At minimum this should cover: unreleased creative assets and campaign materials, credentials and access details for any platform or tool, budget and financial information, NDA-protected strategic or competitive information, and personal data about the client’s customers or employees. Review this list at account kickoff and when the scope expands to new campaign areas.
- Unreleased brand assets, campaign visuals, and pre-launch copy
- Platform credentials, staging URLs, and admin access details
- Client budget figures, billing rates, and contract terms
- NDA-protected campaign strategies and competitive intelligence
- Personal data about the client’s customers, staff, or vendors
- Proprietary product information not yet publicly released
How to Write Safe Agency Prompts
Safe creative agency prompts use category references and placeholders instead of actual client data. Instead of pasting in a real campaign brief with budget figures and launch dates, describe the campaign type and objective. Instead of including the client’s actual brand guidelines, reference the tone category and output format you need. Instead of naming a specific client, use a role description. This keeps your prompts useful while keeping client-sensitive information off platforms that were not designed to hold it.
Review and Update Boundaries as Accounts Evolve
Client data sensitivity changes as engagements grow. A client that started with a single campaign may now involve product launch materials, competitive research, and personal data from customer survey work. Review your prohibited data list whenever an account expands in scope, when a new product or campaign phase begins, or when new team members join the account. Data boundary management is ongoing account hygiene, not a one-time onboarding task.
Creative Agency Marketing Path
You have completed Step 1 — Creative AI Foundations. Return to the video page to continue with Step 2: Daily Agency Workflows.