Bowtie Funnel Framework
The LLM Exposure Curve:
PII & Business Intelligence Risk by Lifecycle Stage
What it is: An interactive chart showing exactly when PII and business intelligence cross each risk threshold across your customer lifecycle.
Why it matters: PII enters your AI stack as early as Stage 2 — most teams don't know until it's too late.
Why protect it: Unmasked data trains models, leaks across sessions, and creates legal exposure at your most sensitive stages.
What you can do: Apply PII masking, enforce context-window flushes, and move to zero-retention sovereign files before critical data touches any model.
PII / Security Sensitivity
LLM Data Risk by Customer Lifecycle Stage
- Stage 1: Awareness
- Risk Level: Anonymous. Data State: Public Cloud Content. PII Sensitivity: 0%. Public web traffic, high-level marketing content, open server logs. Zero liability. No authenticated sessions.
- Stage 2: Education
- Risk Level: Trace PII. Data State: Light Form & Cookie Captures. PII Sensitivity: 5%. Newsletter signups, ungated assets, cookie-based intent signals. GDPR consent layer active.
- Stage 3: Selection
- Risk Level: Low. Data State: Standard SaaS / CRM Ingestion. PII Sensitivity: 20%. Corporate emails, names, titles via standard public CRM APIs. OAuth 2.0 flows.
- Stage 4: Mutual Commit
- Risk Level: Medium. Data State: Secure Ephemeral Cloud. PII Sensitivity: 50%. NDAs, pricing redlines, draft security agreements via TLS-encrypted tunnels. No persistent LLM memory.
- Stage 5: Onboarding
- Risk Level: High. Data State: Local-First Processing. PII Sensitivity: 85%. System credentials, production configurations, employee rosters inside self-hosted durable execution environments.
- Stage 6: Retention
- Risk Level: Very High. Data State: Persistent Usage Analytics. PII Sensitivity: 92%. Product telemetry, feature adoption signals, health scores, and support history in customer-isolated containers. Strict model context boundaries prevent cross-account data leakage.
- Stage 7: Expansion
- Risk Level: Critical. Data State: Zero-Retention Sovereign Files. PII Sensitivity: 100%. Revenue telemetry, application data logs, financial PII via encrypted flat files under strict internal RBAC.
Frequently Asked Questions
Everything you need to know about LLM data risk, PII exposure, and protecting business intelligence across your customer lifecycle.
A stage-by-stage visualization showing exactly when PII and business intelligence enter your LLM stack across the B2B customer lifecycle. It maps 6 stages — from Awareness to Expansion — and shows how data sensitivity escalates from zero liability to critical exposure as customers move through your funnel.
PII begins entering your AI stack as early as Stage 2 (Education), when newsletter signups, cookie-based intent signals, and ungated asset views are processed. Most teams don't realize their LLM is ingesting identifiable data this early in the lifecycle. Start applying PII masking from Stage 2 onwards — even light form data and cookie signals should be anonymized before reaching your models.
By Stage 4 (Mutual Commit) and beyond, your LLM is processing NDAs, pricing strategy, security agreements, system credentials, revenue telemetry, and proprietary financial data. Without proper controls, this data can be retained in model memory, leak across sessions, or be used in training — creating serious legal and competitive exposure. PII masking is non-negotiable at these stages — every field containing identifiable or proprietary information must be masked or redacted before it enters any model.
PII masking is the process of identifying and redacting or anonymizing personally identifiable information before it is sent to an LLM. It matters because LLMs retain context within a session and can inadvertently expose customer names, emails, financial data, or system credentials across prompts. Masking ensures your models only see what they need to complete a task — nothing more.
A context-window flush is an automated process that clears an LLM's active memory after each session or task completion. It prevents sensitive data from one interaction bleeding into the next. Use it alongside PII masking — masking stops sensitive data from entering the model in the first place, while context-window flushes ensure nothing lingers after a session ends. Enforce both at Stage 4 (Mutual Commit) and beyond.
Zero-retention sovereign files are encrypted flat files (typically JSON or Markdown) that store sensitive business data under strict internal access control — never sent to external cloud services or LLM APIs. At Stage 6 (Expansion), where revenue telemetry and financial PII are involved, sovereign files ensure your most critical data never leaves your controlled infrastructure. Even when reading from sovereign files into an LLM context, always apply PII masking to strip identifiable fields before they enter the model.
GTM Orchestration is a framework developed by Bowtie Funnel Consultancy that coordinates AI agents, human workflows, and data governance across the full customer lifecycle. AI data protection is built into the orchestration layer — determining which data each agent can access, enforcing PII masking before data enters any model, controlling when context windows are flushed, and defining which stages require local-first or zero-retention processing.
At Stage 5 (Onboarding), your LLM is handling system credentials, production configurations, and employee rosters. If you are going to run an LLM over data at this stage, mask PII first, before any information enters the model. Beyond masking, the recommended approach is local-first processing: running AI workflows inside self-hosted, code-first durable execution environments rather than third-party cloud APIs. Air-gapping critical workflows adds a further layer of protection.
At Stage 3, your LLM is ingesting corporate emails, names, titles, and company data via CRM APIs. To minimize liability: use standard OAuth 2.0 authorization flows, declare data residency at the org level, avoid passing raw contact records to LLMs, and apply field-level PII masking before any CRM data enters a prompt.
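Field-level masking of a CRM contact record before it is placed in a prompt, as an added example (not code from Bowtie Funnel or the original page). The field policy, the key, and the sample record are assumptions constructed for illustration; the free-text scrubber catches only the email and phone patterns shown.

```python
import hashlib
import hmac
import re

# Assumption: per-deployment secret kept outside the LLM pipeline (constructed value).
PSEUDONYM_KEY = b"example-key-rotate-me"

# Hypothetical field policy for a CRM contact; any field not listed is dropped.
FIELD_POLICY = {
    "title": "pass", "company": "pass",            # needed for the task
    "name": "pseudonymize", "email": "pseudonymize",
    "notes": "scrub",                              # free text with embedded identifiers
}

# One pass, email tried first, so digits inside an address are not taken as a phone.
PII_RE = re.compile(
    r"(?P<email>[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})"
    r"|(?P<phone>\+?\d[\d\s().-]{7,}\d)"
)

def pseudonym(kind: str, value: str) -> str:
    """Keyed, deterministic token: the same input always maps to the same token."""
    mac = hmac.new(PSEUDONYM_KEY, value.strip().lower().encode(), hashlib.sha256)
    return f"<{kind}:{mac.hexdigest()[:10]}>"

def scrub_text(text: str) -> str:
    """Replace emails (stable token) and phone numbers embedded in free text."""
    def repl(m: re.Match) -> str:
        return pseudonym("email", m.group()) if m.lastgroup == "email" else "<phone>"
    return PII_RE.sub(repl, text)

def mask_record(record: dict) -> dict:
    """Apply the field policy with default deny for unknown fields."""
    masked = {}
    for field, value in record.items():
        action = FIELD_POLICY.get(field)
        if action == "pass":
            masked[field] = value
        elif action == "pseudonymize":
            masked[field] = pseudonym(field, str(value))
        elif action == "scrub":
            masked[field] = scrub_text(str(value))
    return masked

# Constructed sample record, not real data.
SAMPLE = {
    "name": "Dana Example", "email": "dana@example.com", "title": "VP Ops",
    "company": "Example Corp", "crm_owner_id": "u-1029",
    "notes": "Call +1 (555) 010-2030 or cc Dana@Example.com on the quote.",
}
```

Because the email token is keyed and deterministic, the address in `notes` maps to the same token as the `email` field, so the model can still correlate the two without seeing the address.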
Yes — Stage 1 (Awareness) data is the safest to process. It consists of anonymous public web traffic, high-level marketing content, and open server logs with zero PII. No authenticated user sessions exist at this stage. LLM processing at Awareness carries zero data liability.