Privacy

The access portal manages people and permissions, not documents.

This notice describes the controlled-pilot website and access portal. It is intentionally narrower than a general consumer privacy policy.

Information we collect

We collect the requester's name and verified email; organization, team, role, use-case category, pilot size, Windows environment, database preference, requested start date, named analyst emails, a short workflow summary, selected capability interests, and optional additional context. We also record approval, rejection, verification, grant, reset, revocation, URL issuance, onboarding, artifact identity, and closure events.

Information we prohibit

Do not provide source documents, filenames, document text, patient or client information, SQL server details, credentials, screenshots, or signed download URLs. Narrative responses are length-limited and screened server-side for sensitive or technical content.

How access works

Email links verify control of an address but do not approve access. Daniel is the sole v1 approver. Every named analyst must verify their own email before receiving an individual entitlement to one exact installer.

Logs and audit

Application logs exclude raw email-link tokens, signed URLs, workflow narratives, request notes, email addresses, and artifact endpoints. Append-only audit events use non-PII actor references and the installer digest.

Retention and deletion

V1 uses manual closure, anonymization, and deletion. A request records closedAt when closed. Automatic retention is deferred until a broader-launch policy is approved.

Cookies and analytics

The portal uses secure session cookies needed for verification and access status. V1 uses no advertising cookies or third-party behavioral analytics.