The AI Privacy Intelligence Layer for Patient Data: Configure Your Pipeline End to End

A couple of weeks ago we shipped AI access to experimentation and heatmaps. That was the first step. The interesting work was always going to be configuration.

Standing up a new ad destination has always been an iterative process. Pick the platform. Configure the destination. Watch a few events flow through. Inspect the payloads. Figure out which properties you have to work with. Build the mappings. Set the consent rules. Each step means clicking through, waiting, checking what came in, going back, adjusting.

Your AI assistant now collapses that loop into a single working session. Here's how that works: Ours Privacy publishes a complete set of tools that your AI calls directly. Set up a destination. Map fields. Write consent rules. Manage versions. Publish changes. Every action a person can take in the configuration UI is now available as a tool your AI can invoke on your behalf, on whatever AI platform your enterprise has already approved.

I'll call this what it is: an AI privacy intelligence layer for healthcare marketing. The intelligence layer isn't ours. It's the assistant your team is already using. We're the surface it operates on.

Stand Up a New Channel by Chat

Marketers can quickly configure a new channel via chat and ask the AI assistant what PHI and PII is already being sent to existing channels before adding another.

What that conversation looks like in practice:

• "What fields do my visitors and events have today?"

• "I want to launch Facebook as a new channel. With the Ours Privacy tag manager, make sure we collect first name and birth month on the patient signup form. Then pipe those fields through to a new Facebook destination called Patient Acquisition. Only send hashed email and visitor ID. Drop anything that could be PHI. Respect marketing consent."

• "Mirror the configuration of our Google Ads channel into a new test account. Same consent rules, same field mapping, different API credentials. Publish to a non-production version so we can validate before going live."

Your AI assistant inspects what's flowing in, surfaces what's missing, updates the tag manager to start collecting it, builds the destination, fills in the mapping, and sets the consent rule. The change is saved as a versioned configuration ready for your team's normal privacy and legal review. When it ships, the audit trail shows exactly what got configured and when.

Chat and Instantly Know How You're Sending Email Addresses Across All Platforms

The same tools that let your AI configure your pipeline let it inspect your pipeline. The first question a privacy team usually asks is also the hardest to answer by hand: where is the email address going across every channel, and which ones are hashing it before it leaves? You could use the built-in Compliance Report and search and fine the email fields per channel. Or, you could ask your AI assistant. It pulls every destination's mapping, every consent rule, every transform on the way out, and answers in chat. Same with any other identifier you care about. Phone number. First name. Anything that could be PHI.

Read access is its own scope, separate from write access. You can grant an assistant the ability to audit your configuration without giving it the ability to change anything.

Every other control lives in your account.

• The MCP server (the connection that exposes Ours Privacy to your AI assistant) can be enabled or disabled globally for your account with one switch. Off by default, on when your team is ready.

• API keys are scoped and revocable. You decide which people get one and what each one is allowed to do.

• Every write goes through the same versioning, audit log, and rollback path that an in-app change does. Nothing your AI assistant publishes is invisible.

Your data stays yours. Your AI stays yours. Your controls stay yours. Ours Privacy is the surface the two operate on. We don't host the AI. We don't read your prompts. We expose the platform to whichever assistant your enterprise has approved, and we give you the controls to govern what it is allowed to do.

The Whole Pipeline, Configurable

A destination on its own is a small part of the surface. The full pipeline that runs from a visitor on your site to a record in an ad platform involves the tag manager, the events flowing into Ours Privacy, the consent rules running on the server and on the client, the field mappings on each destination, and the routing logic that decides which event goes where. Until now, configuring all of that meant moving between multiple tools and multiple teams.

The MCP server exposes the whole pipeline. Your AI assistant can configure the tag manager, define which events are allowed in, write the consent rules that run on the server, set the consent rules that run on the client, build the destinations, and bind events to destinations through field mappings. End to end, from one conversation.

For most teams, this is the first time the entire data pipeline is reachable from a single interface, with privacy rules and routing logic configured in the same place the data flows through.

What This Unlocks

The interesting effect isn't that any single configuration ships faster. It's that the gap between "we need a new channel" and "we have a complete, versioned configuration ready for review" in a single working session.

The marketer who needs the new channel prepares the full configuration with their AI assistant, the privacy and legal teams review it through the process they already use, and the change ships once they sign off. Quarterly cleanup work stops being deferred until something breaks. Configuration drift becomes something you can actively manage instead of a forensic exercise.

That's what we mean by an AI privacy intelligence layer. The full configuration surface of your pipeline, exposed to an AI assistant you control, with every write audited and reversible.

The next post in this series goes deeper on the audit side. Asking where an identifier is going is the first question. Continuous inspection, consent-flow validation across server and client, identifier tracing through complex routing rules, surfacing drift before it becomes an incident: that's the rest of the story, and it's next.

If you'd like a walkthrough of how the MCP server works in your account, or help wiring it into your team's privacy and configuration workflow, book a demo. The full setup and capability reference lives in the Platform MCP documentation.