Deep Insights Agent is designed to answer questions about your customers without using their personal data. The main control is the one you manage: the agent only uses the custom fields and events you choose to make available. Choose carefully, and personal data stays out.
What's always excluded
Whatever your setup, the agent cannot see your customers' core identifying details:
- Names, email addresses, phone numbers, and street addresses are never available to the agent.
- Geographic data is limited to city, state, and postal code.
- Fields containing HTML are excluded, because they are too large to use.
These exclusions apply to every account. For more on how Ometria secures your data, see Security Overview.
You control what the agent can see
The agent only uses the custom fields and events you select in Settings > Deep Insights. Anything you leave out stays hidden from it, so this selection is where you decide what custom data the agent can use.
A custom field or event can hold personal data even when its name doesn't suggest it. A field named notes, delivery_instructions, or survey_response might contain a customer's name, email address, or other personal detail.
Before you make custom data available:
- Review every custom field and event you plan to select.
- Leave out anything that contains, or could contain, personal data.
- If you're not sure what a field holds, check its values before selecting it.
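One way to carry out the value check in the last step, as an added example that is not Ometria's code: it scans sample values from each custom field for email addresses and phone numbers and reports the fields to leave out. The export shape (field name mapped to a list of values), the sample values and the function names are assumptions constructed for illustration.

```python
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# Candidate digit runs with common separators; filtered by digit count below.
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{6,}\d")


def has_email(text):
    return EMAIL_RE.search(text) is not None


def has_phone(text):
    # 9 to 15 digits: long enough to skip dates (8 digits) and short ids.
    return any(9 <= sum(c.isdigit() for c in m.group()) <= 15
               for m in PHONE_RE.finditer(text))


# Names and street addresses cannot be found reliably by pattern, so a
# clean result here does not replace reading the values yourself.
DETECTORS = {"email": has_email, "phone": has_phone}

# Constructed sample: field name -> values pulled from a few profiles.
SAMPLE_EXPORT = {
    "loyalty_tier": ["gold", "silver", None, "gold"],
    "delivery_instructions": ["Leave in porch",
                              "Call 07700 900123 if nobody is in"],
    "survey_response": ["Great service",
                        "Reply to jane.doe@example.com please",
                        "Delivered 2025-10-15, all fine"],
}


def review_export(export):
    """Return {field: {detector: hit_count}} for fields with any hit."""
    findings = {}
    for field, values in export.items():
        counts = dict.fromkeys(DETECTORS, 0)
        for value in values:
            if value is None:  # empty values carry no personal data
                continue
            for name, detect in DETECTORS.items():
                counts[name] += detect(str(value))
        if any(counts.values()):
            findings[field] = counts
    return findings


if __name__ == "__main__":
    for field, counts in review_export(SAMPLE_EXPORT).items():
        print(f"leave out {field}: {counts}")
```

A field that comes back clean can still hold names or addresses in free text, so treat a hit as a reason to leave the field out and a clean result only as a prompt to read the values.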
If your account can tag PII
Some accounts can mark a custom field or event as containing PII. Tagged fields and events are excluded automatically and don't appear in the selector, so they can't be made available by mistake.
PII tagging is currently only available to retailers who:
- onboarded to Ometria after 15 October 2025, or
- use only Ometria's CDP features.
If this applies to you, see Restricting PII (sensitive data) in Ometria. If you're not sure whether you have it, speak to your Customer Success Representative.
If you have this option, tag every custom field and event that holds personal data. Tagging applies wherever you use the agent and stops the field being selected later. If you don't have it, your selection in Settings > Deep Insights is what keeps personal data out.
Confirm your LLM environment settings
You use Deep Insights Agent inside Claude or Microsoft Copilot. Ometria does not use your data to train AI models, and enforces this at the account level.
Your own LLM environment has separate data settings, controlled by your organisation. Ask your IT or security team to confirm that your Claude or Microsoft Copilot workspace is set up so your data is not retained or used to train models.
Your responsibilities
You decide which custom data the agent can see, so a few checks stay with you:
- Review your selections in Settings > Deep Insights, and leave out anything containing personal data.
- If your account can tag PII, tag every custom field and event that holds personal data.
- Confirm you have a lawful basis to process the data through the agent, including any consent your customers have given.
- Confirm your LLM environment settings with your IT or security team.
- Speak to your Data Protection Officer if you are unsure whether a field or event is safe to make available.
If you're not sure
Don't make the field or event available until you've checked. Contact your Data Protection Officer or data protection lead first. If in doubt, leave it out. You can always add a field later.
Related articles
- Configuring custom fields and events
- Security Overview
- Restricting PII (sensitive data) in Ometria (the platform-wide PII tagging feature)