# Security and Data Handling

Scoped. Contained. In-platform.

YouDesign Blueprints handles runtime data inside the customer's ServiceNow environment. This page is a plain-language summary for admins, security reviewers, and business stakeholders. Use it as a starting point for security review conversations. It does not replace a formal customer security review.

{% hint style="info" %}
This page summarizes runtime data behavior for security review conversations. For technical reference on architecture, identifiers, and role assignments, see ServiceNow Administration. For end-user role behavior, see [Roles and Permissions](/blueprints/start-here/roles-and-permissions.md).
{% endhint %}

{% hint style="info" %}

## Core position

YouDesign Blueprints operates inside the customer's ServiceNow environment as a scoped application. Blueprint data, template data, and user interactions stay inside the ServiceNow platform boundary.
{% endhint %}

## Data boundary summary

| Topic                            | What to expect                                                               |
| -------------------------------- | ---------------------------------------------------------------------------- |
| **Application runtime location** | Runs inside the customer's ServiceNow environment                            |
| **Primary application data**     | Stored in scoped ServiceNow tables under the application's scope.            |
| **Normal API calls**             | Sent to ServiceNow scoped endpoints for the application                      |
| **External product analytics**   | Not used. The application does not send analytics data to external services. |
| **AI runtime features**          | Not used. The application does not call external AI services.                |

## What the application stores

The application stores product data needed to support its workflows, including:

* Template definitions.
* Blueprint records and metadata.
* Blueprint canvas layout and content.
* Staged future-state content and relationship changes.
* Per-user settings and preferences.

## What user preferences are stored

The application stores preferences so each user gets a consistent experience across sessions.

Examples include:

* Theme.
* Language.
* Accessibility settings.
* Grid settings.
* Tutorial preference.
* Favorite templates and favorite order.
* Sorting preferences in **Home**, the **Blueprint Editor**, **Template Editor**, and **Auditor**.

These preferences make the application usable and consistent across sessions. They are not analytics or behavior tracking.

## Tracking and behavior monitoring

The application does not send user-behavior analytics or tracking events to external services.

In plain language:

* The application does not include analytics or usage-tracking features.
* Stored settings (theme, language, etc.) make the application usable and consistent across sessions.
* These are user preferences, not behavioral tracking.

## AI and token usage

YouDesign Blueprints does not include AI assistance features or call external LLM services.

That means:

* The application has no AI support workflow.
* It does not consume AI tokens.
* Using the application does not send blueprint content to external AI services.

## Data access by ins-pi

The application does not transmit customer blueprint content or source records to ins-pi systems. The application runs entirely within the customer's ServiceNow environment.

## Audit logging and data retention

Audit logging, data retention, and account deactivation use standard ServiceNow platform behavior for scoped applications. Your ServiceNow instance may add organization-specific retention or audit policies.

## What security reviewers usually want to hear

For stakeholder and review discussions, the most important points are:

* The application is a scoped ServiceNow application.
* The normal runtime stays inside the ServiceNow platform boundary.
* Application data is persisted in scoped ServiceNow tables.
* User settings are stored to support the experience, not to run analytics.
* The application does not include AI assistance features or consume AI tokens.

## Review note

If your organization requires a formal security or privacy statement, use this page as a starting summary. Pair it with your own ServiceNow platform review, role review, and instance-specific governance process.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ins-pi.com/blueprints/admin-and-governance/security-and-data-handling.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.