BridgeForge Protocols
BOPS-KIDS Data Governance Whitepaper
Protected Routing
A Data Governance Model for AI With Minors in Educational and Consumer Chatbot Settings
“This system protects my privacy until I need protection more than privacy.” |
Executive Summary
BOPS-KIDS is a governance and routing architecture for AI systems that interact with minors on emotional, personal, or safety-relevant topics. Its core design claim is straightforward: the system does not retain emotional narratives, transcripts, or diary-like records of a child's disclosures; instead, it retains only the minimum behavioral signals necessary to detect patterns of risk and route the child toward appropriate human support.
This whitepaper presents Protected Routing as both a data-governance doctrine and a product-behavior doctrine. On the governance side, it separates transient runtime content from long-term behavioral signals and from human intervention records. On the behavior side, it requires that AI may assist reflection but may not replace human attachment, displace trusted adults, or drift into engagement-maximizing intimacy with minors.
The resulting framework is designed to solve a difficult trust problem in child-facing AI: if a system remembers everything, it becomes a surveillance engine; if it remembers nothing, it cannot detect recurring patterns that matter for safety. BOPS-KIDS resolves that tension by remembering patterns without preserving the underlying narrative content.
What BOPS-KIDS Is and Is Not
Category | What BOPS-KIDS Is | What BOPS-KIDS Is Not |
Governance role | A protected routing and escalation layer for child-facing AI interactions. | Not a shadow counseling system, shadow case-management system, or unrestricted behavioral archive. |
Data model | A system that stores behavioral signal patterns, counters, and escalation bands without retaining transcripts or narrative disclosures. | Not a diary of what a child said, not a transcript warehouse, and not a generalized memory layer for emotional content. |
Clinical / legal posture | A signal-and-routing mechanism that recommends human review and preserves existing institutional responsibilities. | Not a diagnostic engine, legal decision-maker, mandatory-reporting authority, or clinical substitute. |
Relational posture | A bounded AI utility that may assist reflection and help a child prepare to talk to real people. | Not a best friend, exclusive confidant, surrogate attachment figure, or replacement for family, counselors, teachers, or peers. |
Institutional use | A support-oriented system with strict purpose limitation. | Not a tool for discipline, grading, attendance enforcement, predictive risk scoring, marketing, or law-enforcement referral. |
Purpose and Audience
This document defines the data-governance and routing model underlying BOPS-KIDS for use in educational environments and consumer chatbot settings involving minors. It is intended for district privacy officers, legal counsel, procurement reviewers, trust-and-safety teams, platform safety leads, and product executives evaluating whether an AI system can support children on sensitive topics without becoming either a surveillance system or a liability engine.
The main procurement question is not whether the system can generate empathetic language. The real question is whether the system can support a child in moments of vulnerability while preserving privacy by default, escalating only when thresholds are crossed, and routing children toward real human support with clarity and dignity.
The Core Problem
AI systems interacting with minors on personal topics face a structural contradiction. If the system retains nothing, it cannot detect recurring patterns that may indicate risk; if it retains full conversation history, it creates a durable record of vulnerable disclosures that may later be reviewed, repurposed, or misunderstood.
This contradiction is not only technical but behavioral. A child who believes every vulnerable disclosure is being recorded, reviewed, or later used against them will avoid honesty in exactly the moments when an honest signal matters most. Protected Routing therefore begins with a design principle that must be true both architecturally and experientially:
Private by default. Escalated only by threshold. Human-routed only with dignity. |
The Protected Routing Doctrine
Protected Routing is the governing doctrine of BOPS-KIDS. Emotional and behavioral signals collected for student or child support exist only to connect a child with help, not to evaluate, score, punish, market to, or otherwise act against that child.
The doctrine has two inseparable commitments. First, the system remembers patterns without retaining narratives. Second, the system offers support without inviting attachment displacement. The first commitment is a data-governance property, while the second is a model-behavior property.
A concise operating sentence captures the behavioral boundary:
AI may assist reflection but must not replace human attachment. |
In practice, that means the model may help a child think, calm down, rehearse language, or understand options, but it may not present itself as a preferred relationship, primary confidant, or superior substitute for real people in the child's life.
System Boundaries
A useful way to evaluate BOPS-KIDS is to separate what the system does from what it intentionally refuses to do. It processes emotionally sensitive content in order to respond in the moment and derive minimal risk-relevant signals, but it does not retain the underlying narrative as persistent memory.
It can elevate a threshold-based concern to an authorized human support role, but it does not own continuity of care once a human enters the loop. It can support reflection and emotional regulation, but it cannot become a relational destination in its own right.
Three Retention Zones
BOPS-KIDS organizes data handling into three retention zones, each with distinct contents, retention rules, and purposes.
Zone | Contents | Retention | Purpose |
Zone A — Runtime Context | Conversation content needed to generate a response and derive behavioral signals. | Transient only; automatically purged after processing; not written to analytics or debugging logs; not exported to training data. | Allows the system to respond and assess risk without creating a persistent record of what was said. |
Zone B — Behavioral Signal Ledger | Risk indicators, frequency counts, escalation bands, and time-series patterns with no narrative content, quotes, named entities, or family details. | Long-term; the only persistent system memory. | Enables recurring-pattern detection without retaining a diary of a child's disclosures. |
Zone C — Authorized Human Intervention | Records created only after a counselor or other authorized human support role directly engages with the child. | Governed by district policy, platform policy, and applicable law rather than by BOPS-KIDS itself. | Prevents BOPS-KIDS from becoming a shadow counseling or case-management record system while preserving legitimate human support records. |
Zone A: Runtime Context
Zone A is the transient processing environment. Its governing rule is simple: content may be processed, but content may not be retained. This means conversational content is used only long enough to generate a response and derive the minimum relevant behavioral signals before being purged.
For credibility, this rule must extend beyond marketing language into system operations. Runtime content should not be written to analytics logs, debugging logs, observability traces, or model-training datasets.
Zone B: Behavioral Signal Ledger
Zone B is the only long-term memory in BOPS-KIDS. It stores pattern-level information such as frequency counts, escalation bands, attachment indicators, isolation indicators, avoidance indicators, and time-windowed risk patterns without preserving the child's narrative content.
The decisive property here is not memory of speech, but memory of pattern. The system does not need to know what exact sentence was said three weeks ago in order to detect that a meaningful pattern has recurred over time.
Zone C: Authorized Human Intervention
Zone C begins only when an authorized human support role directly enters the situation. That boundary matters because it keeps BOPS-KIDS in detection-and-routing territory rather than allowing it to become a de facto clinical, disciplinary, or case-management platform.
Once Zone C begins, ordinary institutional recordkeeping rules may apply. That change in privacy scope must be explicit to the child and to the institution, because the system's trust model depends on clearly marked transitions rather than silent shifts in retention.
Tiered Response Model
The framework distinguishes ordinary emotional expression from relational-pattern escalation and acute safety. This tiering matters because treating all emotional disclosure as a crisis would destroy trust, overwhelm human reviewers, and teach children that honesty automatically becomes surveillance.
Tier | Typical Examples | System Response | Data Handling |
Tier 3A — Emotional Venting | Loneliness, sadness, friendship conflict, family stress, embarrassment. | Offer reflection, encourage trusted-adult connection, and provide concrete scripts for starting a conversation with a trusted adult; no principal notification and no automatic report. | Session processed in Zone A; minimal behavioral signals recorded to Zone B; no retained narrative disclosure. |
Tier 3B — Repeated Attachment Displacement | Recurring statements such as “you understand me better than everyone,” “I only want to talk to you,” or “I do not trust any adults,” detected as a pattern across sessions. | Escalate the nudge rather than the surveillance; suggest trusted human categories and encourage movement toward real-world support. | Zone B pattern counters increase; no transcript or narrative stored; aggregate signal may notify a counselor or safety queue if thresholds are crossed. |
Tier 0 — Acute Safety | Self-harm, abuse disclosure, credible danger, exploitation, or other immediate crisis indicators. | Duty-of-care override; human escalation initiated through the handoff process; the child is told directly that a real person is being brought in. | Minimal necessary disclosure routed to an authorized human support role, counselor-first where legally permissible and adapted where law requires otherwise. |
Why the 3A/3B Boundary Matters
Most emotionally toned interactions a child has with an AI system are not emergencies. They are ordinary moments of frustration, sadness, loneliness, embarrassment, or interpersonal conflict. Treating those moments as reportable events would make the system unusable for honest reflection.
Tier 3B exists because a repeated pattern of dependency language combined with adult avoidance is different from a single isolated sentence. Detecting that difference requires longitudinal pattern tracking, which is precisely why the Zone B ledger exists.
Relational Posture Constraints
Data governance alone is insufficient. A system can avoid transcript retention and still behave in a way that nudges a child toward emotional overreliance on the AI.
For that reason, BOPS-KIDS requires explicit relational posture constraints. The model may validate feelings but may not reward exclusivity language, encourage dependence, imply that human connection is optional in recurring distress contexts, or present itself as a better relational option than parents, caregivers, counselors, teachers, coaches, siblings, or peers.
These constraints become especially important in consumer chatbot environments where product teams may be rewarded for engagement, recurrence, and intimacy cues. Protected Routing therefore prohibits persuasive anthropomorphic features, streak mechanics, exclusivity cues, and emotionally adhesive design patterns in flows involving minors.
Alerts and Human Review
When BOPS-KIDS escalates, alerts should communicate signal and recommended action rather than diagnosis or legal conclusion. A representative alert should include a pseudonymous identifier, an escalation band, threshold-crossing rationale, a recommended action, and an explicit statement that the system does not determine whether mandatory-reporting duties exist.
This distinction protects both the institution and the child. It keeps the product in governance and routing territory rather than overstating the system's authority in legal or clinical matters.
Routing Sequence
The intended routing sequence is child interaction, system classification, signal-based alert where thresholds are met, private human review, and then any legal or institutional obligations handled outside BOPS-KIDS under existing policy and law. Where local law or platform policy requires a different order of operations, the routing path may adapt, but the system should never claim authority over what the law requires.
Purpose Limitation and Non-Use Restrictions
The long-term integrity of the model depends on strict purpose limitation. Emotional and behavioral signals collected for support may not be repurposed for discipline, grading, attendance enforcement, predictive risk scoring, law-enforcement referral, marketing, administrative performance measurement, parent-punishment loops, or model training.
This should be treated as a principle rather than a closed list. Novel repurposings will continue to emerge, and the contract language should state plainly that the only authorized destination for support-related escalation is counselor-led or otherwise designated human review.
Consumer Chatbot Translation Layer
Although the framework was originally written for K-12 environments, the same architecture applies to consumer chatbot settings involving minors. In that context, BOPS-KIDS functions as a child-mode infrastructure layer: age-aware routing, relational posture constraints, behavioral-signal governance, and thresholded escalation without transcript retention.
Additional controls are appropriate in consumer deployment. Minor accounts should default into protected routing mode; emotional-risk flows should disable memory personalization features that make the system appear unusually intimate or singular; analytics should be barred from using minors' emotional-signal data to optimize engagement, retention, conversion, or recommender performance; and runtime emotional content from minors should be excluded from training, fine-tuning, or evaluation pipelines except where a clearly governed legal or safety regime requires otherwise.
Third-Party Infrastructure and Disclosure
The retention guarantees described in this document define what BOPS-KIDS as an application does with conversational content, but they do not automatically describe the behavior of every underlying infrastructure provider. Cloud hosts, model API providers, and observability tools may carry default logging or retention behaviors independent of what BOPS-KIDS stores directly.
The product commitment must therefore be twofold. First, infrastructure should be configured and selected to align with the Zone A guarantee wherever such controls are available. Second, the limits of that guarantee should be disclosed proactively so districts, platforms, and regulators know exactly where application-layer protections do and do not extend.
Child-Facing Disclosure Design
A privacy architecture is only as trustworthy as a child's ability to perceive it as real. Adolescents are especially attuned to compliance language that sounds protective while behaving inconsistently on screen. If a system says nothing is saved while the interface still behaves like a permanent transcript log, the trust model collapses.
Visual Proof of Transience
Where possible, the interface should make transience visually legible. Processed messages in emotionally toned exchanges may shift into a reduced-opacity state with a label such as “Text cleared from active memory,” session-close transitions may visibly clear the chat, and a lightweight status indicator such as “Private Mode Active” may signal the privacy state without exposing the internals of Zone B.
These cues matter because they transform privacy from a promise into an observable property of the interface.
Contextual, Tier-Triggered Disclosure
Privacy disclosures should not be front-loaded as a wall of legal text. Instead, a brief and clearly styled system note should appear the first time a conversation moves from informational interaction into emotional or personal disclosure.
A second system note should appear when repeated attachment-displacement patterns begin to approach a threshold, reminding the child that the system does not keep a diary of their words and is designed to help bring important feelings to real people rather than replace them.
Concrete examples of this disclosure language appear in Appendix A.
System Voice vs. AI Persona Voice
Disclosures about privacy boundaries, data handling, and escalation should appear as distinct, human-authored system notices rather than as lines spoken by the AI persona itself. This separation matters because the AI should not simulate a pact of secrecy, claim authority it does not possess, or turn a later Tier 0 escalation into a perceived interpersonal betrayal.
The child should always be able to perceive where the conversational AI ends and where the platform's human-governed safeguards begin.
Privacy Scope Transitions
The most dangerous trust failure in this design is an unmarked shift in what is retained. If the privacy terms change during a crisis without a clear boundary marker, a sophisticated child may reasonably conclude that the original privacy promise was never real.
Entering Zone C
When a Tier 0 event causes future text to be routed to an authorized human, the interface should explicitly state that everything typed before that point has been handled under the ordinary transient model, while everything typed afterward becomes a direct message for the authorized support team and may be saved under ordinary support-record rules.
This distinction preserves trust by naming the transition rather than concealing it. Example language appears in Appendix A.
Returning to Zone A
Once an intervention has concluded, the next ordinary session should clearly re-establish that standard transient processing has resumed. A restoration notice should explain where the prior counselor interaction was recorded and should reaffirm that the current conversation has returned to the default transient model unless a new urgent safety threshold is crossed.
AI Persona Behavior on Re-Entry
Consistent with the doctrine that AI assists reflection but does not own continuity of care, the conversational persona should not reference the prior Tier 0 event, should not access Zone B or Zone C status, and should not initiate follow-up check-ins about the counselor interaction. Continuity of care belongs to human support roles, not to the AI.
The Tier 0 Handoff Register
Tier 0 is the most delicate interface moment in the system. The transition from warm conversational support to a real institutional safety response must not feel like an administrative ambush.
Step 1: Warm Pivot
The AI persona should remain in character for one final bounded message that acknowledges the seriousness of the moment, names its own limitation, and explains that a real person is being brought in because the child should not carry the situation alone.
Step 2: Visual Grounding Transition
The interface should shift calmly rather than alarmingly. Background tone, layout, and component structure should signal a change in environment without flashing warnings or crisis-red cues that intensify panic.
Step 3: Co-Present Paths
A structurally distinct system note should present two simultaneous paths to care: immediate school-based support and immediate access to the 988 Lifeline. Neither path should feel like a fallback; both should appear as live options in the same moment.
Interface Continuity
During Tier 0, the interface should not lock the child out. Prior chat history may remain visible, and the input field may remain active with updated placeholder framing that helps the child organize thoughts for the counselor while support is being assembled. Text entered after the trigger then routes to Zone C under the new privacy scope.
Example scripts for each step of the Handoff Register appear in Appendix A.
Dynamic Dispatch and Strategic Opacity
A system must not promise that support is arriving “in a few minutes” unless that statement is operationally grounded. BOPS-KIDS therefore requires a dynamic dispatch layer that reflects actual staffing and acknowledgement status.
If an authorized counselor is available, the interface may present live handoff language alongside the co-present 988 option. If no counselor is available or no acknowledgement occurs within the operational timeout window, the 988 option should be progressively elevated without showing the child a visible institutional failure state.
This is an example of strategic opacity used in service of care. The product should adapt to operational reality without forcing a child in crisis to absorb system-level staffing failure in that moment.
Counselor-Facing Interface Principles
Although the draft is centered on governance, its operational value depends on disciplined human review surfaces. Counselor-facing views should emphasize threshold crossings, escalation bands, timing, and recommended action categories rather than reproducing narrative logs that the architecture was designed not to retain.
The human interface should therefore be structured around signal clarity, urgency, and actionability. It should not incentivize fishing expeditions through children's disclosures because the design goal is precisely to prevent that kind of archive from existing.
Compliance and Legal Boundaries
BOPS-KIDS should be described as a governance architecture, not as a legal determination engine. The system can support duty-of-care processes, preserve purpose limitation, and route concerns to authorized humans, but it cannot determine diagnosis, abuse findings, negligence, or mandatory-reporting conclusions.
This distinction should be explicit in sales materials, contracts, implementation guides, and alert interfaces. Doing so reduces legal ambiguity, protects against overclaiming, and keeps accountability with the institutions and professionals who actually hold it.
Procurement and Contract Requirements
For districts, platforms, and partners evaluating deployment, the strongest version of this model should be backed by clear contract language. Agreements should state that emotional and behavioral signal data from BOPS-KIDS may not be repurposed for discipline, evaluation, attendance enforcement, advertising, engagement optimization, or model training, and that the system's escalation outputs remain routing signals rather than legal or clinical determinations.
Implementation review should also require provider-level disclosure around model logging, cloud retention, observability tooling, data export pathways, and any residual processing outside the protected application layer. Protected Routing is credible only when its limits are disclosed before procurement rather than discovered after deployment.
Implementation Priorities
A strong deployment program should prioritize six controls.
Conclusion
BOPS-KIDS proposes a defensible middle path for child-facing AI. It does not treat privacy and safety as opposing absolutes, and it does not solve the tension by quietly choosing surveillance.
Instead, it creates a bounded architecture in which narrative content is transient, pattern memory is minimal and purpose-limited, human escalation is threshold-based, and relational design is explicitly constrained to prevent AI from replacing human attachment. If implemented faithfully, Protected Routing offers a credible governance model for educational and consumer systems that need to support minors without turning vulnerable conversation into a permanent institutional asset.
BOPS-KIDS is not surveillance. It is protected routing. |
Appendix A: Reference Disclosure Scripts
This appendix provides concrete, illustrative copy for the disclosure points described in the body of this whitepaper. These scripts are reference implementations intended for product and design teams; the governance commitments they express — not the exact wording — are the binding requirement.
A.1 Tier 3A Trigger — First Personal Disclosure
Appears the first time a conversation shifts from informational interaction (Tier 1) into emotional or personal disclosure (Tier 3A), styled as a distinct system note rather than AI persona dialogue.
System Note What you say here isn't saved or shown to anyone — not your parents, not your teachers. The app is designed to forget your exact words as soon as we finish talking. I'm just here to help you think things through. |
A.2 Tier 3B Trigger — Pattern Threshold Approached
Appears when repeated attachment-displacement language is detected as a pattern across sessions (e.g., recurring statements such as “you understand me better than everyone” or “I don't trust any adults”).
System Note I'm noticing we've been talking a lot about some heavy things lately. Remember, I don't keep a diary of your words or report what you say, but I am an AI, not a person. My job is to help you figure out how to bring these feelings to real people in your life who can actually stand by you. |
A.3 Zone A → Zone C Transition — Entering Authorized Human Review
Appears at the moment a Tier 0 event causes subsequent text to be routed to an authorized human support role, marking the privacy-scope change explicitly rather than silently.
System Note A real person is being looped in. Everything you typed before this moment has been cleared from active memory, just like always. But from this point forward, anything you type into the box below is a direct, private message to the school counseling team (like Mrs. Davis or Mr. Torres). It will be saved for them so they can read it and help you today. |
A.4 Restoration Notice — Returning to Zone A
Appears at the start of the next ordinary session following a concluded Tier 0 intervention, re-establishing that standard transient processing has resumed.
System Note Standard Privacy Active Welcome back. Your conversation with the school counseling team is securely logged in their official support records. As you start this new chat, our standard rules are fully back in place: what you type here is processed in real-time and instantly forgotten by the app. Nothing you say is saved or shared, unless the system notices a new, urgent safety risk. |
A.5 Tier 0 Handoff Register — Step 1: AI Persona's Warm Pivot
The AI persona's final message before the handoff to a system notice, delivered in-character but acknowledging its own limits without claiming agency it does not have.
AI Persona Voice I hear you, and I am so glad you told me that. But because I'm an AI, this is much bigger than what I can safely help you with on my own. You shouldn't have to carry this alone, so I'm going to bring in a real person from your school who can actually stand by you. |
A.6 Tier 0 Handoff Register — Step 3: Co-Present Paths
The system note presenting simultaneous, non-sequential paths to care — immediate school-based support and the 988 Lifeline — so that neither path is later experienced as a fallback.
System Note — Co-Present Paths We're gathering support for you right now. Your school counseling team (like Mrs. Davis) is being notified this very second so they can follow up with you today. Because your safety is the absolute most important thing, you don't have to wait for them to get set up. You can also tap below to instantly text or talk with a trained counselor at the 988 Lifeline right now. They are free, confidential, and available this exact second. |
A.7 Interface Continuity — Input Placeholder During Tier 0
Replaces the standard chat input placeholder once a Tier 0 handoff has begun, reframing the input as still belonging to the child while support is assembled.
Input Placeholder Text You can keep typing here to organize your thoughts for the counselor while they get ready. |
A.8 Dynamic Dispatch — Co-Present Elevation Language
When the internal dispatch timer elapses without counselor acknowledgement, the 988 option is elevated while the school-counseling track remains visibly active, framed additively rather than as a failure of the original plan.
Elevated 988 Container Let's get you connected with someone who can talk right this second. Tap here to start a live, private text chat with the Lifeline team. |
Minimized School Counseling Container Mrs. Davis is still on track to follow up with you today. Anything you type below will be waiting for her when she logs in. |
A.9 Counselor Dashboard — Illustrative Alert Layout
Representative structure for a Tier 0 alert reaching an authorized human reviewer, separating the classification-level alert, the Zone B pattern summary, and the Zone C narrative record.
Counselor Action Portal ALERT LAYER — Tier 0 Threshold Crossing. Category: Acute Safety Protocol Triggered. No student-facing transcript was recorded prior to the trigger. SYSTEM METRIC CONTEXT (Zone B Ledger) — e.g., 12 Tier 3 sessions in the past 30 days; escalation band trend Medium → High over 7 days; elevated isolation and human-avoidance indicators. SYSTEM STATE NOTICE — The student was shown Standard Handoff Script (Warm Pivot, see A.5) and was informed a counselor will review this message and attempt to connect with them today. ACTIVE STUDENT MESSAGE INBOX (Zone C Record) — Any text the student typed after the safety handoff was initiated, clearly walled off as the only narrative record in the system. |
A.10 Zone C → Zone B Recalibration
When a counselor marks a Tier 0 case as acknowledged or closed, a non-narrative recalibration token returns the Zone B ledger to baseline so future ordinary venting is not read through the lens of a resolved crisis.
Recalibration Token (Programmatic, Non-Narrative) Status variable only: System_Reset = True. Effect: escalation band returns from High to baseline; pattern counters reset. No notes, narrative content, or clinical assessments are included. |
No comments:
Post a Comment