Intermediate8 min

Data Privacy & User Consent

Protect user data beyond PII filtering: informed consent for AI interactions, data retention policies, right to deletion, and minimizing data collection in agent systems.

Quick Reference

→Informed consent: tell users when they're interacting with AI and how their data is used
→Data minimization: collect only what the agent needs — don't log full conversations by default
→Right to deletion: users can request deletion of their threads, memory, and preferences from Store
→Retention policies: TTL on threads, checkpoints, and Store items — don't keep data forever
→Third-party disclosure: if agent data flows to LLM providers, users should know
→GDPR/CCPA compliance: lawful basis for processing, data portability, erasure rights

Data Minimization

Data Type	Collect?	Store?	TTL
Conversation messages	Yes (needed for context)	Thread checkpointer	7-30 days
User preferences	If user opts in	Store (cross-thread)	Until deletion requested
Tool call logs	Yes (for debugging)	LangSmith traces	30-90 days
Full LLM responses	Yes (for eval)	LangSmith traces	30-90 days
PII in conversations	Redact before storage	Never store raw PII	N/A
User feedback scores	If provided	LangSmith feedback	Indefinite (anonymized)

Right to Deletion

Delete all user data on request

Sign in to read this article

This is a premium article. Sign in with your Google account to continue.

Data Privacy & User Consent

Informed Consent