The foundational tension in applied machine learning has always been this: the models that are most useful require the most data, and the most useful data tends to be the most sensitive. Fraud detection models need to learn from fraud. Churn models need to learn from customers who churned. Propensity models need to learn from customers who converted. In every case, the training process requires linking a known outcome to the individual whose behaviour produced it — which means personal data enters the training pipeline.
This linkage is, in most architectures, inescapable. It is also the source of the industry's deepest privacy exposure. GDPR's requirements around lawful basis for data processing, LGPD's equivalent provisions in Brazil, and Apple and Google's app store policies on data collection all draw their sharpest lines at the point where personal identifiers become associated with behavioural data. Cross that line — even in a training pipeline that never goes to production — and you have created a compliance obligation, a breach risk, and a consent problem.
Intent's Privacy-Preserving Model Training pipeline is designed to cross that line without crossing it. The architecture produces models trained on real individual behavioural data, at production scale, without any personally identifiable information ever being processed, transmitted, or seen by any person or system. The legal basis is not consent. It is the fact that no personal data is involved.
How It Works
The pipeline operates in five steps, each of which maintains the privacy guarantee of the step before it.
Step 1: Label injection on-device. CRM data — the known outcomes that give model training its predictive power — is transferred from the client's app to the SDK via a built-in API. If the CRM data is available on the device at login, it is passed immediately. If it resides in backend systems, the SDK can trigger the app at configurable intervals to fetch and supply it. Either way, the data is stored locally on the device and transformed into Custom Micro-Segments — structured, anonymised representations of the CRM signal, treated identically to the SDK's own behavioural outputs. The CRM data never leaves the client's own systems in its original form.
Step 2: On-device trait extraction. A lightweight model embedded in the SDK processes raw signals into abstracted behavioural traits and combines them with the known outcome labels. The result is a training pair: a behavioural pattern associated with a known outcome. Identifiers are serialised. Data is encrypted in transit. Nothing in this pair can be traced back to a specific individual — not because identifiers have been removed, but because the representation no longer contains them.
Step 3: Anonymous data collection. Devices transmit only encrypted training pairs to central servers. Not raw signals. Not personal records. Not identifiers. Just the relationship between a behavioural pattern and a known outcome, in encrypted form. There is no way to trace these pairs back to individual users. No location data is included. The re-identification risk from Edge signals alone is zero.
Step 4: Centralised model training. Central servers accumulate millions of these anonymous training pairs and train production-grade models against them. The training dataset contains rich behavioural patterns, structured feature-to-outcome relationships, and sufficient volume to produce high-quality models — with zero personally identifiable information at any stage. A fraud model, trained on this data, learns what behavioural patterns precede fraudulent transactions. A churn model learns what sequences signal a customer who is about to leave. Neither model has ever seen a name, an email address, or any other personal identifier.
Step 5: Continuous learning. Devices generate new anonymous training data daily. Central servers update models on a daily or hourly cycle based on aggregate patterns. Improved models are deployed back to production over-the-air, without requiring app updates. Performance metrics are collected and are also anonymised. The loop closes without personal data ever entering it.
Why This Matters
The commercial implications are significant in three directions.
For financial services. Fraud models trained on real behavioural data — patterns of device use, transaction sequences, mobility signals — without any PII exposure are more accurate and more legally defensible than models trained on centralised personal records. The Nubank case is instructive: a Brazilian financial institution with over 100 million users, operating under LGPD, requiring DPIA documentation, Apple App Store compliance, and Google Play alignment — all met by design, without a single consent popup introduced to the user experience.
For telecoms. Network-correlated behavioural signals are among the richest predictive data sources available for churn, ARPU, and fraud modelling. They are also among the most legally sensitive, sitting under telecommunications secrecy law in most jurisdictions. The Privacy-Preserving Model Training pipeline allows telcos to train on this data without triggering the legal obligations that traditional model training would create.
For any organisation operating across regulatory jurisdictions. The pipeline is not built for one regulatory framework. GDPR, LGPD, CCPA, and the app store policies of both major mobile platforms are all addressed by the same architectural choice: no personal data enters the pipeline. Where multiple frameworks would otherwise require multiple compliance approaches, a single privacy-preserving architecture satisfies all of them simultaneously.
The Federated Learning Comparison
The architecture is conceptually adjacent to federated learning, but technically distinct in ways that matter. In federated learning, model weights or gradients are computed on-device and aggregated centrally, with raw data never leaving the device. In Intent's pipeline, anonymised feature-to-outcome pairs are collected centrally and used for conventional model training. This distinction matters because centralised training on aggregated anonymous features produces models of equivalent or superior quality to federated approaches, while avoiding the engineering complexity and communication overhead that federated learning requires at scale.
The pipeline is not a workaround for privacy. It is a different theory of where the privacy boundary should be drawn — not between the device and the cloud, but between personal identity and behavioural pattern. Once the pattern is separated from the identity, the constraint on what can be done with it changes fundamentally.
The Patent Position
The entire architecture — the ability to collect edge behavioural data, enrich with CRM signals on-device, train in the cloud on anonymous pairs, and deploy improved models back to devices — is patented by Intent. This is not a privacy configuration built on top of a standard ML pipeline. It is a novel system, designed from first principles to achieve something that was not previously possible: model training at commercial scale, from real individual behaviour, with no personal data in the loop.
The question it poses to every organisation that trains models on customer data is simple: does your current training pipeline require personal data? If so, what would it mean to your compliance posture, your consent obligations, and your model quality if it did not?
Intent's answer is that it means the same models, at the same scale, without the exposure.