Safety
Safety model
Safety comes from boundary enforcement: minimal signals leave the app, consent gates semantics, failures fail closed, and every filled slot is provable.
Runtime boundaries
Safety is enforced at the boundary: the model path stays your model path, and the sponsoring path only receives the minimal signal you allow.
In the recommended setup, wavebird runs as a sidecar and does not need raw prompt text, conversation history, or user identifiers. See the data firewall.
Semantic relevance targeting is opt-in via explicit consent and CS profiles defined by Compute Sponsoring.
Separation
ad decisioning runs outside model I/O.
Data minimization
only topic category + language are shared (when allowed).
Fail-closed
invalid config or missing consent blocks the sponsor path.
Proof
filled slots produce signed evidence for settlement.
What never leaves your system
What never leaves your system
Raw prompt text
Conversation history
User identifiers
Personal data
Model output
What goes out - and how
What goes out - and how
Topic category + language: the delivery signal used for matching (see data firewall).
Transport: the ad auction runs via OpenRTB 2.6 during inference.
Retention: the delivery signal is transient; it is not stored as a user profile.
Policy: formats, blocked industries, and category allow/block rules live in your SDK configuration.
Consent architecture
Semantic targeting (topic-based relevance) is only allowed with explicit user consent. In Compute Sponsoring terms, that is the boundary between CS-S and CS-N.
Your app owns the consent UX. The SDK passes your flags; wavebird enforces them. See Compute Sponsoring.
Fail-closed by default
If the sponsoring path cannot validate a request, it stops. The model response still returns; the ad slot becomes a no-fill.
Missing config → block
Consent required but missing → block
Invalid consent flags → block
Auction timeout → no ad
Firewall validation error → block
No influence on model behavior
Sponsors do not write into the prompt, context window, tool inputs, or model selection. The model output is produced without sponsor metadata.
If you choose to render a creative inside the model context, that is an explicit product decision; the SDK integration keeps ads out of model I/O unless you intentionally wire them in.
Ad quality and brand safety
You control format, industry blocking, and category sharing through your SDK configuration.
Rules are enforced before any auction request is sent.
Cryptographic proof - not self-reporting
Filled slots generate signed proof events that can be reconciled in settlement.
For the proof evidence pack and benchmark results, see Engineering evidence.
Compliance and standards
wavebird implements Compute Sponsoring v1.0. The current rollout uses the standard's situational, no-persistence path documented there.
Separate channel
ad delivery is isolated from model I/O.
Consent gate
semantic relevance requires explicit opt-in.
Data sovereignty
sponsors do not receive user-level semantic data.
Proof
billed impressions are backed by signed evidence.
What wavebird does NOT do
✕Store raw prompts or conversation history.
✕Build cross-session user profiles.
✕Send user identifiers or personal data to the ad market.
✕Modify model outputs based on sponsors.
✕Override your blocking rules.
Related
Last updated: 2026-04-03