Security & data handling

Work happens where you want it to happen. We connect our experts to your platform — your labelling tool, your eval harness, your repository — or, if you prefer, to a dedicated environment we host for you, scoped to your engagement alone. Either way, the working environment is agreed up front and your data does not leave it. We do not quietly copy it elsewhere, and we do not pool it with another client’s.

PuffLabs is a services company, not a model company. Your prompts, completions, labels, rubrics, and any examples you share are used only to do the work you hired us for. We do not use your data to train, fine-tune, or evaluate any model of our own, and we do not feed it into third-party model providers for their training. Your data works for your project — full stop.

Only the named experts and QA reviewers actually assigned to your engagement can access your data, and only for as long as they are on it. There is no shared company-wide pool of people browsing your material. When someone rolls off your project, their access is removed. You can ask us at any time for the list of who is — and who has been — assigned to your work.

Nobody touches a client engagement until they have been personally vetted. Before any work begins, each expert goes through:

• a 1:1 video interview with our team, so we have met and verified the real person behind the account;
• identity verification against government-issued photo ID;
• background and sanctions screening before they are cleared to join a project.

Experts also sign a confidentiality agreement (NDA) and a contractor agreement before they are granted any access, so their obligations around your data are contractual, not just cultural.

Output is not shipped on trust alone. A separate quality-assurance layer reviews work before it reaches you — checking it against your rubric, catching errors, and keeping quality consistent across a team. This is a deliberate second set of eyes, independent of the person who produced the work, so mistakes are caught internally rather than by you.

You decide what happens to your data when the work is done. If you want everything deleted at the end of an engagement, we delete it and confirm. If you need us to retain certain materials for a defined period — for reproducibility, audit, or a follow-on phase — we retain exactly what you specify, for exactly as long as you specify, and no longer. The retention terms are agreed in writing as part of your engagement.

This is the core of how PuffLabs is different. The people doing your work are vetted, named experts — not an anonymous crowd, not gig-marketplace accounts you can’t trace. You know who is on your project, and we know too. That accountability runs all the way through: from the founders (who are operators from other AI labs) to the QA reviewers to the individual experts. When the work has a name attached, the quality — and the responsibility — follows.