Security & Architecture guide

For: CTOs and Chief AI Officers

TLDR:

Magneto Mentor is designed for AI upskilling. It works alongside your secure AI environment. The user builds AI and workflow prompts here but does not execute on AI tasks.
The ‘Workflow Builder’ uses a third-party AI service (Anthropic) to power AI-assisted features. If the user manually builds their own Persona or Power Prompt no AI is in use.
Only the user’s structured prompts and in-app answers are sent for processing. No organisational documents, files, emails or passwords leave the platform. We do not accept file uploads.
All AI processing runs through Anthropic’s commercial API, where inputs are not used to train models and logs are deleted on a short retention window.
AI calls are server-side only, rate-limited, and logged for every transaction.

What is MagnetoMentor?

Magneto Mentor is an AI communication upskilling tool. It teaches the structured thinking skills people need to work effectively with AI at work – writing clear prompts, building AI workflows, and getting consistent output from AI tools. It is designed to work alongside your secure AI environment.

It draws on more than 20 years of enterprise communication and corporate training experience at Magneto Communications, where we work with enterprise teams to improve their business writing, board paper writing, influential communication and presentation skills.

How it works

The workflow is simple and fully contained within your security boundary:

Step	What happens
User action	Builds a structured prompt or workflow inside Magneto Mentor by answering guided questions.
Data in Magneto Mentor	Templates, formatting guides, and the user's own answers and prompt scaffolds.
AI processing	The user's structured prompt and answers are sent server-side to Anthropic's commercial API for processing. The response is returned to the user inside Magneto Mentor.
What leaves our platform	The structured prompt and the user's answers to in-app questions. Nothing else. All AI task execution happens in your secure environment.
What stays in the platform	Account metadata (organisation, username, email), saved workflow builds, and usage logs.

Data handling and privacy

What is sent to the AI provider (Anthropic)

The user’s answers to in-app questions (text and selections).
Magneto Mentor tool data needed to construct the prompt (templates, structure and tone scaffolds).

What is not sent

Emails and passwords.
Organisation documents or any uploaded files (the platform does not accept file uploads).
Account metadata such as organisation name or user identifiers tied to the prompt content.

What we collect inside Magneto Mentor

Account metadata: organisation, username, email. These allow the users to save and share workflows.
Anonymous usage data for platform performance.
Saved prompts and workflow builds created by the user.

Responsible AI use

Every AI call is governed by controls designed for enterprise oversight:

Server-side only. No direct client-to-API calls. All AI traffic is brokered by our backend, so credentials, routing and content filters stay under our control.
Comprehensive transaction logging. Every AI call is immutably logged with user, organisation, token count, duration and status. The prompt content is not logged.
Quota enforcement. Rate limits and usage quotas apply at user, organisation and endpoint level.
No client-side AI. Users cannot bypass controls by calling AI services directly through the app.

Third-party AI provider

Magneto Mentor currently uses Anthropic (Claude) as its sole AI provider, accessed through Anthropic’s commercial API.

Key points for your AI governance review:

Anthropic’s commercial API terms state that retained data is never used for model training without express permission. (Claude API Docs)
Standard API log retention is 7 days, with deletion automated after that window. (Anarlog)
Anthropic’s Trust Centre.
Anthropic commercial terms.

AI governance alignment

Magneto Mentor is an AI-enabled tool and is designed to support your standard third-party AI assessment process.

AI sovereignty. AI processing is performed by a single named provider (Anthropic) under commercial API terms that prohibit training on customer inputs.
Data minimisation. Only the structured prompt content needed for the AI to respond is transmitted. Organisational documents, files and account credentials never leave Magneto Mentor. We do not accept file uploads.
Data residency. Application backend, frontend and database are hosted with Railway in Singapore (Southeast Asia). AI API calls are routed to Anthropic’s API endpoints.
Authentication. Username and password with email verification.
Session and audit logging. Server-side logging stored with Railway in Singapore. AI call logs include user, organisation, tokens, duration and status.
Security practices. OWASP ZAP (DAST) and Semgrep (SAST) scanning in CI, PII-free logging by design, rate limiting and account lockout, Redis-backed token versioning so logout invalidates all tokens.
Shadow AI risk. Magneto Mentor channels AI use through a governed, logged and rate-limited pipeline, replacing unmanaged personal accounts with an auditable enterprise path.
Policy support. The tool reinforces your AI usage policies by embedding structured-prompting practice into daily work.