brand-data isolation: ON ✓ data did not leave the boundary · campaign #SS-7741 · ADK multi-agent

The Sealed Campaign boundary

🔒 INSIDE THE VAULT — encrypted at rest, need-to-know scoped
What the agent works with — and nothing of it is shipped to TikTok or third parties:
📦 product brief v3 · 💰 budget deposit $4,000 · 📈 TikTok Shop GMV signal (aggregate) · 🎯 strategy doc · 🪪 creator tokens (no raw PII) · 📊 k-anon view buckets
🚫 Never ingested: TikTok user profiles · device graph · per-viewer watch history · your customer list · creator real names/emails (until logged hand-off). The agent runs against mock TikTok endpoints + a metrics simulator — no live personal data crosses in.

๐Ÿ‘ What each sub-agent can & cannot see (consent panel โ€” revoke any scope mid-run)

| Sub-agent (A2A) | CAN see | CANNOT see |
|---|---|---|
| Strategy | brief, budget, aggregate GMV | creator tokens, raw analytics |
| Creator Sourcing | region tier, audience-size band, tokens #c8f2 | real handles, follower lists, contact info |
| AI Brief / Caption | brief, brand voice, #ad disclosure rule | creator identity, budget, GMV |
| Publish hand-off | token → real handle (just-in-time, logged) | customer data, GMV, other creators |
| Measurement | k-anon watch-time buckets, click counts | per-viewer behavior, device IDs, PII |
| Reallocation | cohort CPV, budget cap state | raw analytics, creator identity |

✓ Least-privilege enforced by Agent Engine — each scope is a signed capability token; revoking one pauses that agent, not the run.

🪪 Creator PII minimization

Creators exist to the agent as tokens + coarse buckets. Raw handles surface only at the human hand-off moment, and that reveal is written to the audit log.

| Token | Region tier | Audience band | State |
|---|---|---|---|
| #c8f2 | Tier-2 EU | 10k–50k | brief sent |
| #a190 | Tier-1 US | 50k–250k | posted |
| #7b3e | Tier-2 US | 10k–50k | sourced |
| #f042 | Tier-3 SEA | 1k–10k | candidate |

Raw handle for #a190 revealed 2026-05-11 14:02 UTC for publish hand-off — see audit entry L-0188.

🧾 Audit log — append-only, hash-chained

14:02 | Publish | revealed handle for #a190 → hand-off (op: rachelb)
13:51 | Brief | sent brief v3 to #c8f2 — #ad disclosure clause attached ✓
13:40 | Sourcing | added candidate #f042 (Tier-3 SEA, 1k–10k)
13:10 | Reallocate | shifted $300 from cohort B→A (cohort CPV $0.011→$0.009)
12:58 | Measure | ingested k-anon bucket batch #44 (no PII, k≥50)
11:30 | Budget | cap check: 247,900 verified views × $0.01 = $2,479 / $4,000
🔗 chain head 0x9f3a…c2 · verify chain · export signed log

💰 Verified-view ledger — billed from anonymized aggregates, never from tracked individuals

247,900 verified views
$0.0099 actual CPV
$2,479 spent of $4,000 cap
k ≥ 50 min cohort size per bucket

Hard budget cap: the agent stops spending when verified-views × $0.01 reaches your deposit. Cap enforced inside the boundary — no override path.

How a view becomes "verified" — without tracking anyone:
  • watch-time only counted in k-anonymous buckets (≥50 viewers, ≥3s threshold)
  • dedup & source-anomaly run on cohort distributions, not user IDs
  • no device fingerprint, no cross-app graph, no per-viewer profile stored

[Chart: watch-time distribution (bucketed) — billing reads the shaded mass above 3s]

Fraud filter — cohort-level flags
Cohort C · burst pattern at 02:00 UTC: held for review
Cohort A · watch-time distribution normal: cleared
Cohort D · source mix within bounds: cleared
Cohort B · dedup ratio 1.4% (norm <3%): cleared
Flags describe cohorts, never people. Held views aren't billed until cleared.
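
An added sketch (not the product's own code) of the billing rule described above: only buckets with at least 50 viewers and a watch-time floor of 3s or more count, held cohorts are skipped, and the charge stops at the deposit. The `Bucket` shape, the `bill` function and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal

K_MIN = 50               # from the page: minimum cohort size per bucket
MIN_WATCH_S = 3          # from the page: watch-time threshold in seconds
CPV = Decimal("0.01")    # from the page: price per verified view


@dataclass(frozen=True)
class Bucket:            # hypothetical shape of one k-anonymous bucket
    cohort: str
    watch_floor_s: int   # lower edge of the watch-time bin, in seconds
    viewers: int         # aggregate count only; no user or device IDs


def bill(buckets, held_cohorts, deposit, already_spent=Decimal("0")):
    """Return (billable_views, charge, suppressed_buckets) under the hard cap."""
    verified, suppressed = 0, []
    for b in buckets:
        if b.viewers < K_MIN:
            # Too small to be k-anonymous: never counted, reported as suppressed.
            suppressed.append(b)
            continue
        if b.cohort in held_cohorts:
            # Cohort-level fraud hold: views are not billed until cleared.
            continue
        if b.watch_floor_s >= MIN_WATCH_S:
            # Only the mass at or above the 3s threshold counts as verified.
            verified += b.viewers
    # Hard cap: never bill more whole views than the remaining deposit covers.
    headroom = max(deposit - already_spent, Decimal("0"))
    billable = min(verified, int(headroom // CPV))
    return billable, billable * CPV, suppressed


# Constructed sample buckets (not real campaign data).
SAMPLE = [
    Bucket("A", 0, 900),    # below 3s: not counted
    Bucket("A", 3, 1200),
    Bucket("A", 10, 400),
    Bucket("B", 3, 49),     # below k=50: suppressed
    Bucket("C", 3, 5000),   # cohort C is held for review
    Bucket("D", 5, 300),
]

if __name__ == "__main__":
    views, charge, dropped = bill(SAMPLE, {"C"}, Decimal("4000"))
    print(views, charge, len(dropped))
```
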

๐Ÿง‘โ€๐ŸŽค Creator / data-subject portal โ€” what a creator sees when they open their link

You hold token #c8f2 in 1 active campaign:

| Brand campaign | What they sent you | What they hold about you |
|---|---|---|
| #SS-7741 (DTC skincare launch) | brief v3 + #ad caption template | token, Tier-2 EU, 10k–50k band — no name/email retained |

"Forget me" purges your token and bucket label immediately. Action-hashes in the audit log are kept (no PII in them) so the brand can still prove what was done — your identity is gone, the accountability record stays.