Data Handling FAQ

How Scout handles your data

Scout isn't a traditional vendor relationship. There's no upload step, no cloud cache, and no document content crossing our boundary. This page explains how that works — first in plain language, then in detail your IT, compliance, and risk teams can verify.

Answer 1

Documents stay on the workstation.

Member documents, NPI, loan and account data are processed on the local Scout application. They do not leave the workstation in identifiable form.

Answer 2

We do not train on your data.

By architecture and by contract, VisionFI cannot train, fine-tune, calibrate, or benchmark any AI or machine-learning model on your data.

The mental model: TurboTax, not an accountant

When you hire an accountant, you send them documents. When you use TurboTax, no one takes your data — the software runs on your computer. Scout follows the second model.

Traditional vendor

Data exchange

You send documents. They process them. You trust their environment.

The vendor takes custody of your documents. You inherit their employees, their network, their backups, and their breach posture. This is how most existing fintech relationships work.

Scout

Software + skills

We ship the application. Your workstation does the work. Documents stay with you.

VisionFI provides Scout Harness (the application) and the AI "skills" (instructions for reading each kind of document). Your workstation runs them on your data — without sending the data anywhere we can see.

Where the data lives

There are three players. Customer Content stays on the workstation; orchestration and inference flow on separate paths, each with its own guarantee.

YOUR WORKSTATION Deployment Environment Member documents / loan files NPI · borrower data · IDs · financials Scout Harness (runtime) Parses, extracts, applies QC rules Document content does not leave this box Inference call (outbound) Direct to Anthropic under ZDR trust boundary VISIONFI HOSTED SERVICES Scout HQ (control plane) Orchestrates Harness, manages skills, release intelligence, telemetry intake Built by schema not to receive Customer Content ANTHROPIC (INFERENCE PROVIDER) Foundation model under ZDR Transient processing · no storage No training on inputs or outputs Does not pass through VisionFI orchestration inference (ZDR)
Two outbound flows from your workstation: orchestration / telemetry to HQ (non-content), and inference to Anthropic (transient, under Zero Data Retention).

What happens when a document is processed

A typical example — a paystub submitted with a loan application — from drop-off to result.

1

A loan officer drops the document into the Scout folder.

The file stays on the workstation. There is no upload step.

on workstation
2

Scout Harness sees the new file and starts work.

Harness is the local application. It reads the file in place — nothing is sent out yet.

on workstation
3

Harness checks Scout HQ for the right "skill."

HQ tells Harness how to read a paystub. HQ does not see the paystub itself.

workstation → HQ
4

Harness sends the document to Anthropic for AI reading.

Direct call under Zero Data Retention. Anthropic returns the answer and keeps no copy. VisionFI never sees this traffic.

workstation → Anthropic
5

Harness validates the answer against your QC rules.

For example: "name and amount confirmed; date is older than 30 days — needs review."

on workstation
6

The result appears in your loan application or output folder.

The loan officer sees the extracted fields and any QC findings, and continues their workflow.

on workstation
7

Harness sends a "postcard" to HQ summarizing what happened.

Non-content telemetry only — e.g., "1 paystub processed in 3.2s; 1 review-required exception (date stale)." Never the document, name, or dollar amount.

workstation → HQ

Frequently asked questions

Plain answers to the questions IT, compliance, and risk teams typically raise.

General
If VisionFI isn't getting our data, how are you running things?

VisionFI isn't running things on your data. Your workstation is running things on your data, using software and instructions VisionFI provides. The application and the skills are the rules of the game; the workstation does the work, on the workstation, with the documents the workstation already has.

What's the difference between Scout Harness and Scout HQ?

Scout Harness is the application installed on your workstation. It does the document processing — reading files, extracting fields, applying your QC rules, producing the result.

Scout HQ is the control plane hosted by VisionFI. It provides Harness with the skills (instructions) for processing each kind of document, manages release intelligence, and receives back non-content telemetry. HQ does not see document content.

Is there a self-hosted option?

Yes. Self-hosted HQ — where HQ runs in your own infrastructure — is a supported deployment option. The default Desktop Data Sovereign deployment uses VisionFI-hosted HQ; either choice keeps Customer Content on the workstation.

Data flow
Where do our documents live?

Documents live on your workstation. They are read in place by Harness, sent transiently to Anthropic for AI reading under Zero Data Retention, and the result is written back to your output folder.

Documents only ever exist in two places: your workstation, and (transiently) Anthropic under ZDR. There is no cloud upload step, no VisionFI-side cache, and no document storage on VisionFI infrastructure.

What does VisionFI receive about our usage?

VisionFI receives a defined, enumerated set of non-content operational metadata called Telemetry. The full schema is published in the VisionFI Subscriber Console and reproduced as Appendix A to the Data Handling Addendum. Permitted Telemetry fields include:

  • Transaction counts and timestamps
  • Processing durations
  • Model identifiers and version identifiers
  • Aggregated confidence-score distributions (histograms, not per-field values)
  • Categorical exception codes (e.g., document_unreadable, schema_mismatch)
  • Inference provider identifier and region
  • Harness version identifier
  • Deployment Environment identifier (an opaque ID, not hostname or user)

Separately, VisionFI processes Administrative Data you provide to administer the relationship: administrator names and business email addresses, billing contacts, license-key holder records, and support ticket content.

What does VisionFI not receive?

By schema and by contract, Harness-to-HQ traffic cannot include:

  • Document content of any kind
  • Member or borrower names
  • Account numbers, loan amounts, transaction dollar values
  • Government identifiers (SSNs, ITINs, driver's license, passport)
  • Addresses or contact information
  • End-user login credentials

Inference call payloads are sent directly from Harness to Anthropic and do not pass through VisionFI or HQ. The Data Handling Addendum enumerates these categorical exclusions in §3.5.

How can our IT team verify the data flow?

The architectural guarantee is independently verifiable using standard tools your team already has — endpoint detection and response (EDR), host-based firewall logging, perimeter network monitoring, or a corporate web/SSL proxy.

From a workstation running Harness, you should see exactly two egress destinations:

  • The VisionFI HQ endpoint — orchestration and non-content telemetry
  • The Anthropic API endpoint — inference traffic, transient under ZDR

There is no third destination to which document content is sent in identifiable form. The Telemetry schema is versioned; any material change requires at least 60 days' written notice under DHA §3.1, with an opportunity to object.

AI & training
Does VisionFI train models on our data?

No. VisionFI does not, and will not, use your data — of any kind — to train, fine-tune, calibrate, or benchmark any machine-learning or AI model. This applies to Customer Content (which we don't receive), Telemetry, Administrative Data, Opt-In Feedback (if elected), and any sample obtained through a clean-room engagement.

This is enforced two ways: architecturally, because we cannot train on data we do not possess; and contractually, in §5 (Negative Covenants) of the Data Handling Addendum, which prohibits training even on de-identified data without your express written consent.

Does Anthropic train on our documents?

No. All inference runs against Anthropic under Zero Data Retention (ZDR). Anthropic processes the request, returns the answer, and keeps no copy. They do not train on the inputs or outputs.

Two paths are supported, and both require ZDR:

  • Anthropic via VisionFI's first-party ZDR entitlement (our contractual posture flows through), or
  • Your own Anthropic API key under your direct agreement with Anthropic, with the requirement that your agreement include ZDR.

The data-handling posture is identical; the difference is only who holds the Anthropic commercial relationship.

If you don't learn from our data, how does Scout improve?

The improvement happens in the skill layer, not the model layer. Skills are software artifacts authored by VisionFI — versioned, signed, and shipped to Harness through HQ the same way any enterprise software receives an update.

VisionFI knows what to improve from three sources, none of which carry document content:

  • Telemetry — categorical exception codes reveal which document types are throwing surprises across the customer base.
  • Industry monitoring — GSE form updates, state DMV releases, IRS form revisions, watched directly by our product team.
  • Opt-In Feedback & clean-room engagements — only with your express, written consent.

When a form changes, we publish an updated skill, HQ pushes it to your Harness, and the next document of that type is read with the new instructions. No retraining cycle, no reconfiguration on your end.

What is "Opt-In Feedback"?

If you choose to enable it in an Order Form, the workstation transmits structured accept / reject / review-required signals to HQ, identified by an opaque finding identifier and an opaque reviewer identifier. It contains no document content and no Personal Data, and it remains subject to the §5 prohibition on training without your express written consent. It can be disabled in the Subscriber Console at any time, taking effect within one business day.

Compliance & contracts
How do we get a copy of the Data Handling Addendum?

Email sales@visionfi.ai to request the DHA, the Telemetry schema (Appendix A) in machine-readable form, or our SOC 2 Type II report under NDA.

What sub-processors are involved?

Sub-processors are enumerated in DHA §7. The two that touch the Scout deployment are:

  • Anthropic — foundation-model inference under Zero Data Retention.
  • Microsoft Azure — hosting for Scout HQ and supporting tooling. Azure does not process Customer Content; HQ is built by schema not to receive it.
How are security incidents handled?

Notification, cooperation, and scope are governed by DHA §9. Because Customer Content does not flow to VisionFI, the realistic incident surface on our side is limited to Telemetry, Administrative Data, and the control plane — and the contract is explicit about how each is handled.

What about audit rights?

DHA §10 covers audit rights, including SOC 2 Type II evidence and regulator access. Reach out to your VisionFI contact to schedule a review or request artifacts under NDA.

Reference: where to find this in the contract

Each topic above maps to a section of the VisionFI Data Handling Addendum (DHA).

TopicDHA section
Architectural guarantee§1   The foundational commitment
What VisionFI receives (Telemetry, Admin Data)§3.1, §3.2 · Appendix A   Telemetry schema
What VisionFI does NOT receive§3.5   Categorical exclusions
No-training / no-resale / no-re-identification§5   Negative covenants
Sub-processors (Anthropic ZDR, Microsoft Azure)§7   Sub-processors
Security incidents and notification scope§9   Security incidents
Audit rights and compliance artifacts§10   Audit rights
Retention of Telemetry and Administrative Data§12   Retention & deletion

Need the long version?

We're happy to send the full Data Handling Addendum, the Telemetry schema in machine-readable form, or our SOC 2 Type II report under NDA.

Email sales@visionfi.ai