You are building an LLM chatbot for an enterprise setting where user queries may contain sensitive internal information, and the client has strict data privacy constraints. The system still needs to answer questions from approved company knowledge, but it cannot freely expose raw documents or send private content to external services.
If a client wants to implement an LLM-based chatbot but has strict data privacy constraints, how would you architect the solution?