An incident report names a real person. It describes what happened to them on a venue floor at 2am, who was working, and how the team handled it.
Before we built anything for NightGuides, one question came before the clever part. Where does that record live, and who controls it?
You already hold records about real people
You hold data about real people. Customer details, client files, patient notes, the incident logs from a shift. Some of it you are legally responsible for. All of it, someone trusted you to keep.
Add an AI tool to your business and that data has to go somewhere. The tool reads it, processes it, and stores it, and every one of those steps runs on a computer that belongs to someone.
The quick version of an AI build parks all of it inside a shared tool you do not control. Fast to set up. But then your most sensitive records sit on infrastructure someone else runs, under terms someone else wrote, on servers that may use your data to train the next version of their model.
Most conversations about AI walk straight past this. They open with what the tool can do, how fast it is, how much it takes off your plate. They rarely stop on the question that comes first. Before any of that: where does your data end up, and whose rules govern it once it is there?
What it looks like when the data stays yours
NightGuides is an Amsterdam nightlife-safety organisation. Their teams document what happens on the floor: incidents, names, how each case was handled. The write-up used to take four days of copying group chats into a report by hand.
Now the team submits the shift's chat export and the event briefing through one short form, and a finished report lands as a formatted document within five minutes. Five venues run on that one system.
That is the part people ask about first, and it is real. It is also the smaller half of the design.
The whole pipeline runs on a private server provisioned for NightGuides. The AI processing runs through an API that does not train on their data. NightGuides owns the workflow, and they own every report it produces. Nothing about an incident, no name, no timeline, no detail of how a case was handled, leaves ground they control.
Here is why that ordering matters. The speed is reversible: a slow process can always be made faster later, by anyone, with any tool. Handing your most sensitive records to a tool you do not control is much harder to walk back. Once they sit on someone else's servers, under someone else's terms, you are negotiating for access to your own records.