Skip to content

Governance and policy

This page shows you how to set the guardrails, consent defaults, and oversight controls that keep SUPERWISE Chat safe and compliant for everyone in your workspace. By the end you’ll know what you can tune as an administrator, what’s fixed by your plan, and how to confirm that your safety controls are doing their job.

Who this is for: workspace administrators (and the IT or compliance owners who support them). You’ll need an admin role to change these settings — if Settings → Governance isn’t visible to you, ask your tenant administrator to grant access.

  • You have an administrator role (a tenant administrator, project administrator, or higher). Governance settings live under Settings → Governance.
  • You know who in your organization should have oversight access — the people who need to review what happened without being able to change settings. They get the Governance Manager role (see Users and roles).
  • If you’re applying organization-wide rules, decide your defaults first, then let teams adjust within them. Defaults you set apply to new conversations and new projects going forward.

Every message in Chat passes through a series of automatic safety checks before and after the AI responds. You don’t have to wire these up — they run on every conversation. As an administrator, you decide which safety profile applies and who can review the results.

There are four review points, framed for what they protect:

Review pointWhen it runsWhat it protects
Incoming messageAs a message arrivesScreens for prompt manipulation and clearly unsafe input before any work begins.
Retrieved evidenceWhile gathering supporting materialFilters sensitive or confidential content (including personal data) out of the material used to answer.
Assembled requestJust before the AI is asked to respondConfirms the full request is within policy before the model sees it.
Final answerBefore the reply is shownReviews the response for safety before it reaches the user.

When content is held, the user sees a plain notice that their message was reviewed for safety — never a raw error. You don’t need to configure that message.


What you can configure vs. what’s fixed by your plan

Section titled “What you can configure vs. what’s fixed by your plan”

Use this table to set expectations before you open Settings. “Tunable” means you can change it; “Fixed” means it’s set by your subscription plan or built into the product for everyone’s protection.

ControlTunable by admins?Notes
Which safety profile applies to an assistantTunableChoose the safety profile that matches your industry or risk posture.
Consent defaults for your organizationTunableSet what optional features (like memory and document indexing) are on by default.
Who has oversight access (Governance Manager)TunableAssign read-only review access to compliance and security staff.
Whether external web search is allowedTunableWeb search is governed by policy: you decide where it’s permitted, and higher-risk uses can be set to require approval before they run.
Whether essential safety review can be turned offFixed (cannot be disabled)Safety review is an essential activity and runs for everyone.
The four review points and their cautious/available balanceFixedBuilt in; identical across workspaces.
Plan limits (agents, monthly usage, datasets)Fixed by planRaise these by upgrading your plan — see Model access and tiers.

Follow these steps once, then revisit them when your policies change.

  1. Open Settings → Governance. If you don’t see it, you don’t have an admin role yet — ask your tenant administrator.
  2. Choose the safety profile for your assistants. For each published assistant, attach the safety profile that matches your needs (for example, a stricter profile for an assistant that handles customer data). An assistant with no profile attached is flagged as a coverage gap so you can find and fix it.
  3. Set your consent defaults. Decide which optional processing is on by default for your organization — for example, conversation memory and document indexing. Individual users can still opt out of optional activities; essential activities (answering questions and safety review) stay on for everyone.
  4. Assign oversight access. Give your compliance or security reviewers the Governance Manager role. They can review what happened and export records, but cannot change settings or moderate conversations — the right separation of duties for an auditor. See Users and roles.
  5. Confirm coverage. Open the governance overview and check that your published assistants show as protected rather than gap or unknown. Resolve any gaps by attaching a safety profile.

Worked example: a stricter profile for a customer-data assistant

Section titled “Worked example: a stricter profile for a customer-data assistant”

Suppose your support team runs an assistant that can touch customer records, and your compliance team needs to review everything it does.

  1. In Settings → Governance, attach your strictest safety profile to that assistant so its incoming messages, evidence, and answers are all reviewed under the tighter rules.
  2. Leave conversation memory and document indexing at your organization’s default — or turn them off for this team if you don’t want customer details retained.
  3. Assign your two compliance reviewers the Governance Manager role so they can review the oversight record and export it for audits, without being able to edit the assistant or its settings.
  4. Confirm the assistant shows as protected in the governance overview.
  5. Point reviewers to Audit and usage, where they can review the safety and access record over time.

The result: a tighter safety posture on the one assistant that needs it, the right people watching it, and a clean separation between who operates and who oversees.


You don’t have to set up logging — oversight records are kept automatically and are tamper-resistant by design:

  • Safety reviews are recorded for every message, so reviewers can see what was checked and what was held.
  • Role and access changes are recorded and can’t be edited or deleted from within the product.
  • Settings changes are kept as an append-only history — they can be added to, but never altered or removed.
  • Consent changes are kept as a per-user history.

Governance Managers and administrators can review and export these records. For the day-to-day review workflow, see Audit and usage. For how your organization’s data is kept separate from every other organization’s, see Tenant isolation.


A user says their message was “reviewed for safety” and held. That’s the safety review working as intended — usually a cautious hold rather than a hard block. If it happens repeatedly for legitimate content, check that the assistant has the right safety profile attached (an overly strict profile may be the cause) and review the recorded safety decisions in Audit and usage.

An assistant shows as a “gap” in the governance overview. The assistant is published but has no working safety profile attached (or its profile is missing or suspended). Attach a valid safety profile to move it back to protected.

A user can’t turn off memory or document indexing. Those are optional and should be toggleable per user. If they can’t, your organization’s defaults may require them, or the user may not have permission to change their own settings — check your consent defaults in Settings → Governance.

A user wants to turn off safety review. That isn’t possible. AI safety review is an essential activity that runs for every workspace and every user — it can’t be disabled.

I don’t see Settings → Governance at all. You don’t have an administrator role. Ask your tenant administrator to assign one (see Users and roles).