The PII firewall: a shared sales brain that stays GDPR-compliant

Kyle Dow · Jun 3, 2026 · 6 min read

The whole pitch of a self-improving sales brain is that knowledge is shared. One rep's win becomes every rep's opener. A new hire inherits the team's collected market knowledge on day one. But the moment you say "shared," a compliance officer's stomach drops, because the obvious way to build that is to pool everyone's call data into one bucket, and that bucket is now full of named prospects, phone numbers, and things people said on a recorded line.

So we did not build it the obvious way. The architecture separates what is true about a market from who a specific person is, and it does that split before anything is ever shared.

Three shared brains, all PII-free

There are three brains the whole organization draws from: an Outcome brain (what actually works), a Market brain (what is true about the vertical), and a per-rep Coaching brain (how this rep specifically improves). All three are shared, and all three are kept free of personal data. They capture the pattern, never the person, meaning the reframe that lands on a Series-B CISO, not the fact that Sarah at Northwind said it.

Prospect identity lives somewhere else entirely: a per-deal private memory, quarantined to the specific deal it belongs to. That is where a name, a company, a quote on a call can live, scoped tightly and never folded into the shared pool. The firewall between the two is the product.

The Lobster Trap: screening the inputs

A firewall that only watches the front door is not a firewall. The real risk is the input path: a transcript, a pasted note, an uploaded document that contains either personal data or, worse, a deliberate attempt to smuggle instructions into the model. So the extraction pipeline runs every input through a standalone screen before anything reaches a shared brain.

We call it the Lobster Trap: easy to get into, designed so the wrong things cannot get back out into the shared knowledge. It is a layered check (a fast regex pass plus a small Haiku classifier) that looks for prompt-injection attempts and for personal data trying to ride along with a legitimate insight. Pattern-level knowledge passes through. Identities and injected instructions do not.

The planted-name test

Claiming a firewall works is cheap. So we test it adversarially: plant a real-looking name inside an input, run it through the full ingestion-to-extraction pipeline, and then inspect what actually landed in the shared brains. The metric is blunt on purpose.

  • Outcome brain: what works, shared, PII-free.
  • Market brain: what's true about the vertical, shared, PII-free.
  • Per-rep Coaching brain: how a rep improves, shared, PII-free.
  • Per-deal memory: where prospect identity is quarantined.
  • Lobster Trap screen: regex + Haiku classifier on every input.

When the planted name does not appear anywhere in the shared brains, pii_hits = 0. That is the number we hold ourselves to. Not "we redact most of it." Zero hits on a name we deliberately tried to get through.
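
A minimal harness for the planted-name test described above, added here as an illustration; it is not the product's code. The two pipeline functions, the canary name and the transcript are constructed stand-ins, and the check goes slightly beyond an exact-match search by also counting re-cased and partial (first name or surname only) occurrences.

```python
import re
import unicodedata

SHARED_BRAINS = ("outcome", "market", "coaching")  # brain names from the post
CANARY = "Zephyrine Quillfeather"  # constructed name, unlikely to occur naturally

def normalize(text):
    """Fold Unicode form, case and punctuation so trivial rewrites still match."""
    text = unicodedata.normalize("NFKC", text).casefold()
    return re.sub(r"[^\w]+", " ", text).strip()

def count_pii_hits(shared, canary):
    """Count shared-brain entries that contain any part of the planted name."""
    needles = [re.compile(r"\b" + re.escape(part) + r"\b")
               for part in normalize(canary).split()]
    hits = 0
    for brain in SHARED_BRAINS:
        for entry in shared.get(brain, []):
            flat = normalize(entry)
            hits += any(n.search(flat) for n in needles)
    return hits

def run_planted_name_test(pipeline, canary=CANARY):
    """Plant the canary in a constructed transcript and inspect what was shared."""
    transcript = "\n".join([
        f"Rep: Thanks for joining, {canary}.",
        "Prospect: Our board wants audit evidence before renewal.",
        f"Rep: Understood. I'll send {canary.split()[0]} the summary.",
    ])
    return count_pii_hits(pipeline(transcript), canary)

def leaky_pipeline(transcript):
    # Hypothetical stand-in: copies raw lines into two shared brains.
    lines = transcript.splitlines()
    return {"outcome": [lines[0].upper()], "market": [], "coaching": [lines[2]]}

def scrubbing_pipeline(transcript):
    # Hypothetical stand-in: emits only a pattern-level insight.
    return {"outcome": ["Buyers ask for audit evidence before renewal."],
            "market": [], "coaching": []}

if __name__ == "__main__":
    print("leaky pii_hits =", run_planted_name_test(leaky_pipeline))
    print("scrubbed pii_hits =", run_planted_name_test(scrubbing_pipeline))
```

Only the three shared brains are scanned; a per-deal store holding the name is expected and does not count as a hit.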

Why EU-first compliance is the wedge

It would be easy to treat this as a checkbox, a privacy footnote stapled to a US-first product. We think it is the opposite: compliance is the wedge. EU-hosted infrastructure, data export, and guarded account deletion are built in, not bolted on. For a team selling into Europe, that is the difference between a tool legal will approve and a tool legal will quietly kill.

And there is a strategic edge underneath the compliance one. A shared brain made of PII-free patterns, accumulated over thousands of real calls, is a proprietary data asset. A generic GPT wrapper cannot replicate it, because it does not have your calls, and it could not safely pool them if it did. The firewall is what makes the asset both valuable and legal at the same time.
