Safety model

Safety

Safety comes from boundary enforcement: minimal signals leave the app, consent gates semantics, failures fail closed, and every filled slot is provable.

Security modelUpdated 2026-04-20

Runtime boundaries

Safety is enforced at the boundary: the model path stays your model path, and the sponsoring path only receives the minimal signal you allow.

In the recommended setup, wavebird runs as a sidecar and does not need raw prompt text, conversation history, or user identifiers. See the data firewall.

Semantic relevance targeting is opt-in via explicit consent and CS profiles defined by Compute Sponsoring.

01

Separation

ad decisioning runs outside model I/O.

02

Data minimization

only topic category + language are shared (when allowed).

03

Fail-closed

invalid config or missing consent blocks the sponsor path.

04

Proof

filled slots produce signed evidence for settlement.

What advertising partners do not receive

What advertising partners do not receive

Raw prompt text

Conversation history

User identifiers

Personal data

Model output

What goes out - and how

What goes out - and how

Topic category + language: the delivery signal used for matching (see data firewall).
Transport: the partner request can use an OpenRTB 2.6 request shape during inference.
Retention: the delivery signal is transient; it is not stored as a user profile.
Policy: formats, blocked industries, and category allow/block rules live in your API configuration.

Fail-closed by default

If the sponsoring path cannot validate a request, it stops. The model response still returns; the ad slot becomes a no-fill.

Missing config block

Consent required but missing block

Invalid consent flags block

Auction timeout no ad

Firewall validation error block

No influence on model behavior

Sponsors do not write into the prompt, context window, tool inputs, or model selection. The model output is produced without sponsor metadata.

If you choose to render a creative inside the model context, that is an explicit product decision; the API integration keeps ads out of model I/O unless you intentionally wire them in.

Ad quality and brand safety

You control format, industry blocking, and category sharing through your API configuration.

Rules are enforced before any auction request is sent.

Cryptographic proof - not self-reporting

Filled slots generate signed proof events that can be reconciled in settlement.

For the proof evidence pack and benchmark results, see Engineering evidence.

Compliance and standards

wavebird implements Compute Sponsoring v1.0. The current rollout uses the standard's situational, no-persistence path documented there.

01

Separate channel

ad delivery is isolated from model I/O.

02

Consent gate

semantic relevance requires explicit opt-in.

03

Data sovereignty

sponsors do not receive user-level semantic data.

04

Proof

billed impressions are backed by signed evidence.

What wavebird does NOT do

Store raw prompts or conversation history.

Build cross-session user profiles.

Send user identifiers or personal data to the configured ad path.

Modify model outputs based on sponsors.

Override your blocking rules.

Next step

Start with the API path.

Use the API docs to wire the safety boundary into your own product before moving toward production.

Next step

Start with the API path.

Open the API docs, download the LLM integration markdown, then create a workspace to manage your publishable and secret keys. Assisted rollout stays available for enterprise or operator-led deployment.