Security & Privacy

Is It Safe to Use AI With Client Data?

Yes — when the architecture is right. Here's how Milemarker Navigator makes Claude safe for regulated financial services firms.

The number one objection to AI adoption in wealth management is data security. Advisors, compliance officers, and firm leadership all ask the same question: "If I use Claude with client data, where does that data go?" It's the right question. The answer depends entirely on architecture. Consumer AI tools send your data to the model provider's servers where it may be used for training. Milemarker Navigator is built differently. Your data stays in your Snowflake instance. Claude accesses it through secure, permissioned, read-only MCP connections. Nothing is sent for training. Nothing leaves your control.


Why Financial Services Firms Are Cautious

Financial services data is among the most regulated in any industry. SEC, FINRA, GLBA, and a growing body of state regulations govern how client information is collected, stored, transmitted, and used. Client data includes personally identifiable information, account numbers, financial positions, and transaction history — all subject to strict handling requirements with meaningful legal consequences for mishandling.

Fiduciary duty means protecting client information is not optional — it is a legal obligation that runs from the firm to every individual client. A data breach or misuse of client information exposes a firm to regulatory action, civil liability, and reputational damage that can take years to recover from.

Consumer AI tools — free-tier ChatGPT and similar products — have terms of service that may allow data entered into the system to be used for model training. Compliance teams that flagged these tools were correct to do so. The risk was real and the caution was appropriate.

But here is the distinction that changes the analysis: most firms that have banned AI did so because they evaluated consumer-grade tools, not enterprise infrastructure. The answer to "is AI safe for our firm?" is not "no." It is "it depends on the architecture." Consumer tools are not designed for financial services data. Enterprise infrastructure — built with residency, permissioning, and auditability as first-order requirements — is a different category entirely.


The Milemarker Navigator Security Architecture

Milemarker Navigator connects Claude to your firm's data through a structured, permissioned architecture that addresses each security concern compliance teams raise. The following table describes each security layer and how it works in practice.

| Security Layer | How It Works |
| --- | --- |
| Data Residency | Your data lives in your Snowflake instance. Your account. Your cloud region. Your retention policies. Milemarker does not host a copy of your data outside Snowflake. |
| Model Training | Your data is never used to train Claude or any AI model. Anthropic's enterprise terms explicitly prohibit training on customer data. Milemarker enforces this at the infrastructure level. |
| Access Control | Role-based permissions determine what each user can access through Navigator. An advisor sees their clients. A COO sees the firm. A compliance officer sees audit data. Your firm configures the permissions. |
| Read-Only Default | Navigator provides read-only access to your data by default. Claude can query your warehouse but cannot modify, delete, or write records unless write-back is explicitly configured for specific use cases. |
| Encryption | Data in transit encrypted with TLS 1.2+. Data at rest encrypted with AES-256 in Snowflake. API connections between Navigator and Snowflake are encrypted end-to-end. |
| Audit Logging | Every Navigator query is logged: user identity, timestamp, question asked, data accessed, and results returned. Logs are available for compliance review and regulatory examination. |
| SOC 2 Type II | Milemarker maintains SOC 2 Type II certification. Security controls are audited annually by an independent third party. |
| MCP Standard | Model Context Protocol is an open standard created by Anthropic. It defines how AI models connect to external data sources with explicit permissions. It is not a proprietary or opaque integration. |

Consumer AI vs. Enterprise AI Architecture

The distinction between consumer AI tools and enterprise AI infrastructure is not a matter of degree — it is a matter of design intent. Consumer tools are built for convenience and broad accessibility. Enterprise infrastructure is built for security, compliance, and auditability. They are different products that happen to use similar underlying models.

| Consumer AI (ChatGPT, free-tier tools) | Enterprise AI (Claude + Milemarker Navigator) |
| --- | --- |
| Data sent to provider's servers | Data stays in your Snowflake instance |
| May be used for model training | Never used for model training |
| No role-based access control | Role-based permissions you configure |
| No audit logging | Complete audit trail |
| Shared infrastructure | Your dedicated infrastructure |
| No compliance certification | SOC 2 Type II certified |
| Data residency unclear | Data residency in your cloud account |

Addressing Your Compliance Team's Questions

If you are the person responsible for getting AI approved at your firm, the following questions are the ones your compliance committee is most likely to raise. Here are precise, accurate answers you can bring to that conversation.

"Where does client data go when we use Claude?"

Nowhere. Claude accesses your data through Navigator's MCP connection to your Snowflake warehouse. The data stays in Snowflake. Claude reads it, generates a response, and the data is not retained by Anthropic or used for any purpose beyond answering your question.

"Can Anthropic see our client data?"

No. Anthropic's enterprise terms prohibit access to customer data for training or any purpose beyond processing your request. Milemarker's architecture ensures data is transmitted only through secure API connections within the query-response cycle. Anthropic processes the query and returns a response — it does not store or access your underlying client records.

"What happens if an advisor asks Claude about a client they shouldn't have access to?"

Navigator's permission system prevents this. Each user's access is scoped by role. If an advisor attempts to query a client outside their book, Navigator returns no data. The attempt is logged — including the user identity, the question asked, and the timestamp — so your compliance team has a complete record.

"How do we satisfy our compliance committee?"

Milemarker can provide: SOC 2 Type II report, architecture diagrams, data flow documentation, security questionnaire responses, and a reference call with an existing client's compliance team. Most compliance committees approve Navigator after reviewing these materials. The typical review cycle is two to three weeks.

"What about state privacy regulations?"

Your data resides in your Snowflake instance in a cloud region you choose. Milemarker does not transfer data across jurisdictions. Navigator's access controls and audit logging support compliance with state privacy requirements. Your legal team can review the architecture documentation and data flow diagrams as part of their assessment.



Security your compliance team can approve.

Request Milemarker's SOC 2 report and architecture documentation. Start with a strategy call to walk through the security architecture with your team.