Allowed signal
Topic category + language
The delivery path can use broad categories such as travel, education, coding, or finance, plus locale for policy and language fit.
Data firewall
Only the delivery signal leaves your app.
The firewall turns prompt-adjacent context into coarse topic category and language before anything reaches a configured ad path.
Blocked by default
Prompt, history, and users
Raw prompt text, conversation history, account details, identifiers, and model output are not forwarded in the recommended path.
Failure mode
No silent unsafe fallback
If consent, config, or routing readiness is missing, the sponsoring path blocks or falls back to a non-semantic mode.
01
Your app
Receives the user request and keeps sensitive context local.
02
Firewall
Reduces the request to minimal delivery metadata.
03
Policy gate
Checks consent, categories, blocked industries, and route readiness.
04
Partner path
Receives only the scoped signal needed for a placement decision.
What teams can tell privacy reviewers
Prompt sharing is off by default in the final server API snippets.
Semantic targeting requires explicit consent state in the request.
Publisher metadata is limited to app-level details and categories.
Missing or invalid setup does not create an implicit live ad path.