# Ticket: Document Privacy Policy and Safety Constraints

## Ticket Information

- **ID**: TICKET-003
- **Title**: Document Privacy Policy and Safety Constraints
- **Type**: Documentation
- **Priority**: High
- **Status**: Backlog
- **Track**: Safety/Memory
- **Milestone**: Milestone 1 - Survey & Architecture
- **Created**: 2024-01-XX

## Description

Define and document privacy policy and safety constraints for the family voice agent:
- Privacy policy: No external APIs for core ASR/LLM (define exceptions like weather)
- List "forbidden actions" for family agent (e.g., touching work repos)
- Document allowed vs restricted tool access
- Define data retention and deletion policies

## Acceptance Criteria

- [ ] Privacy policy document created
- [ ] List of forbidden actions documented
- [ ] Exception list for external APIs defined (e.g., weather)
- [ ] Safety constraints documented in project docs
- [ ] Constraints integrated into architecture decisions

## Technical Details

This will inform:
- Tool permission design
- Network separation requirements
- Confirmation flow design
- Memory and data retention policies

## Dependencies

None - can be done in parallel with TICKET-002.

## Related Files

- `docs/PRIVACY_POLICY.md` (to be created)
- `docs/SAFETY_CONSTRAINTS.md` (to be created)
- `ARCHITECTURE.md`

## Notes

These constraints will be referenced throughout development, especially for safety and boundary enforcement tasks.