PatchBuddy. Get started
Legal

AI policy.

Last updated: 5 May 2026

PatchBuddy is an AI product. This page is what we do with that, where the responsibility line sits between the agency and us, and what we deliberately don't do.

1. What AI does in PatchBuddy

PatchBuddy uses AI models to:

  • Take a written brief from the operator and turn it into a Patchworks integration plan;
  • Build the connector, endpoint, script, or flow inside the operator's Patchworks tenant via the Patchworks API;
  • Diagnose issues, propose fixes, and re-run tests against the operator's sandbox;
  • Surface relevant entries from the platform knowledge base during a chat;
  • Summarise completed work, capture lessons learned, and propose knowledge entries to feed back into the platform.

Every AI action is initiated by the operator. The model does not run autonomously in the background.

2. Which AI providers we route to

PatchBuddy is multi-model. The operator selects which model handles each turn from the dashboard. The current set of routed providers is:

  • Anthropic — Claude family
  • OpenAI — GPT family
  • DeepSeek — DeepSeek Reasoner
  • Moonshot AI — Kimi family
  • Mistral — Mistral family

We may add or remove providers as the model landscape shifts. Per-model rates are published live on the pricing page; the dashboard always shows the price of the model that ran each turn before it ran.

3. What goes to the AI provider, and who decides

PatchBuddy is the conduit between the agency and the AI provider. The agency decides what crosses that conduit.

On every chat turn, the message content is sent to the AI provider the operator selected for that turn. That includes anything the operator typed, pasted, or uploaded into the chat — integration briefs, sample API responses, configuration, screenshots. The AI provider processes it, returns a response, and PatchBuddy stores the resulting transcript on the operator's account.

The agency operating the chat is the data controller for that content. Cirql Works and PatchBuddy do not generate, screen, or moderate the content of operator chats. If an operator pastes an end-customer's PII into a chat, the agency is the entity that decided to share that data with the AI provider — not us.

What this means in practice for the agency:

  • Redact end-customer PII from sample payloads before pasting them;
  • Use sandbox / test data where possible during the build phase;
  • Make sure your own client agreements permit sub-processing by AI providers;
  • If a particular client has stricter data-handling requirements, choose models accordingly (or don't use AI on that engagement).

We act as the data processor for that content under UK GDPR. See the Privacy Policy, Section 6.

3a. PII randomisation, on by default

PatchBuddy randomises personally identifiable information before any AI provider sees the payload. The behaviour is enabled on every new organisation by default, and can be toggled off per organisation when a specific support task genuinely requires raw PII.

Customer names, email addresses, phone numbers, and postal addresses in captured payloads are replaced with locale-coherent fakes inside the runtime. The same real customer always maps to the same fake within an organisation so multi-turn reasoning stays coherent. System identifiers (order IDs, SKUs, country codes, prices, currencies, timestamps) are preserved unchanged so the model retains the structural anchors it needs to reason.

PII is not stored or cached on PatchBuddy infrastructure. The randomisation map (real → fake) lives in the runtime scope of the chat session and is destroyed when the chat ends. PII does not appear in our database, in our logs, or in our backups.

Operational detail and the before-and-after payload example are on the Privacy by default page.

4. Training and provider-side data retention

We do not train AI models on agency chat content. Cirql Works does not run model training. We are not building a model.

We route to providers using their commercial / API endpoints, configured (where the provider exposes the option) to opt out of training and to use zero-data-retention modes. Specifically:

  • Anthropic — API content is not used to train Anthropic's models per the Anthropic Commercial Terms;
  • OpenAI — API content is not used to train OpenAI's models per the OpenAI API data-usage policy;
  • DeepSeek — routed via the DeepSeek API; provider-side terms apply;
  • Moonshot AI — routed via the Moonshot API; provider-side terms apply;
  • Mistral — routed via La Plateforme (Mistral's API); provider-side terms apply.

Provider-side terms can change. We track these and update this page (and notify in-app) if a provider's training-data policy changes in a way that affects routed traffic.

5. The knowledge base

PatchBuddy ships with a curated knowledge base — patterns, gotchas, and integration techniques accumulated by Cirql Works engineers over years of Patchworks work. The platform-level knowledge base is authored by us, not extracted from agency chats.

Agencies can fork the knowledge base at agency or organisation level. Forks are private to that agency or organisation. Learning entries an agency captures during their builds (via the "what we learned" workflow at the end of a project) stay private to that agency unless the agency explicitly chooses to contribute the entry back upstream.

6. AI is a tool, not an oracle

AI output is a suggestion. It can be wrong, incomplete, or out of date. Operators are expected to:

  • Review what the model proposes before deploying;
  • Run the test calls PatchBuddy generates against the operator's sandbox before going live;
  • Treat AI-generated documentation, schemas, and credentials as drafts until verified against the source-of-truth (Patchworks, the API vendor's docs, the end-customer's environment).

The agency is responsible for any flow that goes live in their Patchworks tenant. Cirql Works does not guarantee that AI-generated output is fit for any particular purpose — see the Terms of Service for the formal disclaimer.

7. Operator controls

  • Per-turn model selection — pick the model that meets the engagement's data-handling rules;
  • Project / chat deletion — delete a project or close the account and the associated chat history is removed from our database within 30 days;
  • Knowledge fork visibility — agency / organisation forks of the knowledge base are private by default;
  • Audit log — every AI call is recorded against the operator's account with timestamp, model, and token cost.

8. Changes to this policy

We update this page when the model line-up changes, when a provider's terms shift in a way that affects you, or when our own AI practices evolve. The "Last updated" date at the top reflects the most recent revision. Material changes are announced in-app at least 30 days before they take effect.

9. Questions

AI / model questions: ai@patchbuddy.ai

Data protection enquiries: privacy@patchbuddy.ai