Security & Architecture guide

For: CTOs and Chief AI Officers

TLDR:

The MagnetoMentor cloud app is a structured learning and workflow-building environment. It contains no AI engine, no large language model and no third-party AI integration. It does not send any data to an external AI service.

In practical terms: your people use MagnetoMentor to learn how to structure their thinking before they interact with AI – not to interact with AI itself. The AI interaction always happens inside your approved environment.

  • NO AI IN THE APP: MagnetoMentor contains no AI engine. There is nothing to breach, intercept or leak.
  • NO DATA INGESTED: No confidential text or documents enter our platform.
  • YOUR ENVIRONMENT: All AI processing stays inside your own approved, ring-fenced AI environment.

What is MagnetoMentor?

MagnetoMentor is an AI communication upskilling tool designed to teach the structured thinking skills needed to work powerfully with AI at work.

It is based on our 20+ years of experience in enterprise communication and corporate training at Magneto Communications, where we upskill enterprise leaders in business writing, board paper writing, influential communication and presentation skills.

It teaches people to write well-structured prompts and communication workflows so they get better, more consistent output from AI tools.

 

How it works

The workflow is simple and fully contained within your security boundary:

  • User action: Builds a structured prompt or communication workflow inside MagnetoMentor.
  • Data in MagnetoMentor: Structural templates, formatting guides and user-created prompt scaffolds only - no company data, no confidential content.
  • AI processing: Zero. MagnetoMentor contains no AI engine and makes no external AI API calls.
  • How AI is used: The user copies their completed prompt out of MagnetoMentor and pastes it into your organisation’s approved AI environment (Copilot, approved custom GPT, or equivalent).
  • What leaves our platform: Nothing confidential. The only output is a structured prompt the user has written themselves.

Data handling and privacy

What we do not collect

  • Company documents or confidential content of any kind.
  • AI outputs (these never pass through our platform).


What we do collect

  • Anonymous usage data to support platform performance and improvement.
  • User name and email so they can save and share their workflow builds with their team.


Full details are set out in our Privacy Policy at: https://magneto.net.au/privacy-policy/.

AI governance alignment

MagnetoMentor is designed to sit comfortably within standard enterprise AI governance frameworks. Because the app contains no AI and processes no confidential data, it does not trigger the data handling, model risk or third-party AI assessments that apply to AI-enabled tools.

Key alignment points

  • AI sovereignty: All AI processing remains inside your own approved environment.
  • Data residency: We store account metadata (organisation names, user names, emails, etc.) and user-generated prompts, but no organisational documents or files are transmitted to or stored by our infrastructure.
  • Hosting infrastructure: The backend, frontend and database are hosted with Railway in their Southeast Asia region (Singapore).
  • Authentication: We currently only provide username/password with email verification.
  • Session data: We use structured server-side logging, with logs held in Railway in Southeast Asia. We store registered and anonymous user sessions in the database as user records, along with any in-app activity (e.g. tool responses).
  • Compliance: We have security best practices in place:
    • OWASP ZAP (DAST) and Semgrep (SAST) scanning in CI
    • PII-free logging by design
    • Rate limiting and account lockout
    • Redis-backed token versioning (logout invalidates all tokens).
  • Shadow AI risk: The tool actively reduces this risk by building structured habits for approved AI use.
  • Governance support: Reinforces your AI usage policies by embedding them as training practice.
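
The "Redis-backed token versioning (logout invalidates all tokens)" control listed above works along the following lines. This is an added example, not MagnetoMentor's code: the HMAC token format, the function names, the constructed key and the in-memory dict standing in for Redis are all assumptions.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

SECRET = b"constructed-demo-key"  # constructed sample key (assumption), never hard-code a real one
VERSIONS = {}  # assumption: in-memory stand-in for Redis, user id -> current token version


def _sign(payload: bytes) -> bytes:
    return base64.urlsafe_b64encode(hmac.new(SECRET, payload, hashlib.sha256).digest())


def issue_token(user: str, ttl: int = 900, now: Optional[float] = None) -> str:
    """Mint a token embedding the user's current version (a Redis GET in production)."""
    now = time.time() if now is None else now
    claims = {"sub": user, "ver": VERSIONS.setdefault(user, 1), "exp": now + ttl}
    payload = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return (payload + b"." + _sign(payload)).decode()


def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the user id if the token is authentic, unexpired and current, else None."""
    now = time.time() if now is None else now
    try:
        payload, sig = token.encode().split(b".")
        if not hmac.compare_digest(sig, _sign(payload)):
            return None  # forged or tampered
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:
        return None  # malformed token
    if claims["exp"] <= now:
        return None  # expired
    # Revocation check: a token minted before the last logout carries a stale version.
    if claims["ver"] != VERSIONS.get(claims["sub"]):
        return None
    return claims["sub"]


def logout(user: str) -> None:
    """Bump the version (a Redis INCR in production); all outstanding tokens go stale."""
    VERSIONS[user] = VERSIONS.get(user, 0) + 1
```

Because every request reads the stored version, the version store sits on the authentication path, and verification should fail closed if it cannot be reached.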


Client-side deployment available

For organisations requiring complete on-premises or private cloud deployment, MagnetoMentor can be deployed client-side within your own infrastructure. Contact us to discuss.