Privacy & Data Governance
This document describes the data governance framework, confidentiality controls, and information handling policies that govern all AEJYS engagements. It is maintained as an institutional disclosure — not a marketing instrument.
I — Data Governance Philosophy
Data governance within AEJYS is not a feature applied to an existing system. It is a structural property of the platform — enforced through infrastructure design, schema architecture, and access control mechanisms rather than through policy documents alone.
The firm operates on the premise that data handling in a pre-commitment intelligence context requires a posture more restrictive than standard commercial practice. The information submitted by engagement participants concerns material alliance exposure. The governance framework reflects the sensitivity of that context.
Every element of the data lifecycle — collection, processing, storage, access, retention, and disposition — is governed by controls that are defined in advance, enforced programmatically, and logged immutably. Governance obligations persist beyond the conclusion of any individual engagement.
II — Information Categories
AEJYS collects information within defined categories, each subject to specific handling controls. No information is collected outside these categories without explicit disclosure.
Engagement Request Data
Information submitted during the initial request process, including a description of the proposed alliance context, the nature of the exposure involved, and contact information sufficient to conduct the eligibility review.
Structured Intake Responses
Responses submitted by engagement participants through the structured intake process. These responses are evaluated within the scoring environment and are not disclosed to other participants.
Modeling Outputs
The results produced by the deterministic scoring environment, including pillar-level assessments, composite scores, categorical band assignments, and any applicable Expectation Variance Index computation.
Analyst Work Product
Contextual analysis, override justifications, and institutional narrative prepared by the assigned strategic analyst as part of the engagement deliverable.
System & Audit Records
Operational records generated by the platform, including access logs, scoring run metadata, override records, delivery confirmations, and authentication events.
III — Intake Data Handling
Structured intake responses are submitted independently by each engagement participant. Responses are transmitted over encrypted channels and stored within an access-restricted schema. At no point during or after the engagement are one participant’s raw responses disclosed to another participant.
Intake data is processed exclusively within the scoring environment. It is not aggregated across engagements, used for benchmarking purposes, or made available to systems outside the defined engagement scope.
Participation in the structured intake process does not create an investigative or monitoring relationship. The intake collects declared structural assessments — it does not surveil, profile, or track participant behavior beyond the submission itself.
IV — Dual-Input Controls
In dual-input engagements, both parties submit structured responses independently. The confidentiality architecture enforces the following constraints:
Individual responses are never disclosed to the other participant
The delivered assessment reflects the modeled composite without exposing individual inputs
Mutual consent is required before the completed assessment is released to either party
Refusal to participate by one party does not generate adverse inference in the modeling output
The dual-input protocol is designed to ensure that participation is structurally voluntary and that confidentiality is maintained at the individual response level regardless of the engagement outcome.
V — Scoring Isolation
The scoring environment operates within a dedicated schema that is architecturally isolated from client-facing systems. It is not exposed through external interfaces. It is not queryable by client applications. It is not accessible to engagement participants at any stage.
This isolation ensures that structural outputs are computed independently of any interpretive, generative, or presentation-layer process. Scoring inputs enter the environment through a defined interface. Scoring outputs exit through a controlled delivery pathway. No intermediate state is externally observable.
The isolation boundary is enforced at the infrastructure level — through schema separation, role restrictions, and access control policies that are not overridable through application-layer configuration.
VI — Modeling & Audit
All modeling within the scoring environment is deterministic. Identical inputs, evaluated under identical model versions, produce identical outputs. There is no stochastic element, no probabilistic inference layer, and no adaptive learning component in the numeric computation path.
Every scoring run, override action, access event, and delivery confirmation is recorded in an immutable audit log. Audit entries are insert-only — they cannot be updated, modified, or deleted after creation. Each entry includes the actor, action type, target entity, timestamp, and a structured detail payload.
Override events are logged with the original categorical band, the adjusted band, the analyst’s documented justification, and a payload integrity hash. The audit record is retained independently of the engagement data and is available for institutional review.
VII — Access Controls
Access to engagement data, scoring outputs, and system infrastructure is governed by role-based access controls enforced at the database level. Row-level security policies restrict data visibility to the minimum scope required for each defined role.
Engagement participants access only their own submitted data and, upon mutual consent, the delivered assessment. They do not have visibility into scoring internals, other participants’ raw responses, analyst work product, or system-level audit records.
Strategic analysts operate within a defined permission boundary that grants access to the engagement scope assigned to them. They do not have unrestricted access to all engagement data across the platform. Administrative access is restricted, logged, and subject to the same immutable audit controls applied to all system actions.
VIII — Data Retention
AEJYS operates under a limited data retention framework. Engagement data is retained only for the duration necessary to fulfill the engagement scope and any applicable governance obligations. Retention windows are defined in the engagement terms and are not extended without explicit authorization.
Upon expiration of the retention window, engagement data — including structured intake responses, modeling outputs, and delivered assessments — is subject to scheduled disposition. Audit records are retained independently under a separate retention schedule to preserve institutional accountability.
Delivered dossiers are accessible through time-limited, secure channels. Access links expire according to the defined delivery terms. Expired access is not reinstated without a new authorization event, which is itself logged immutably.
IX — Encryption & Infrastructure
All data is encrypted in transit and at rest. Transport-layer encryption is enforced on all connections to the platform. Storage encryption is applied at the infrastructure level and cannot be configured or disabled through application-layer controls.
The platform infrastructure is operated within a controlled environment with defined network boundaries, access restrictions, and monitoring controls. Infrastructure configuration is version-controlled and subject to the same change management discipline applied to the modeling framework.
Engagement data is not stored on client devices, transmitted through unencrypted channels, or cached in publicly accessible locations. Document delivery mechanisms are designed to limit persistence outside the controlled infrastructure environment.
X — Data Sharing Policy
AEJYS does not sell, license, lease, or otherwise monetize client data. This restriction is unconditional and applies to all categories of collected information without exception.
Client data is not sold to third parties
Client data is not licensed for external use
Client data is not used for advertising or profiling
Client data is not aggregated for commercial benchmarking
Client data is not indexed by public search systems
Client data is not repurposed for marketing under any circumstance
Data may be disclosed only under the following conditions: with the explicit written consent of the affected party, or in response to a valid legal obligation issued by a court of competent jurisdiction. In the event of a compelled disclosure, AEJYS will provide notice to the affected party to the extent permitted by applicable law.
XI — Legal Compliance
AEJYS maintains data handling practices consistent with applicable data protection and privacy regulations within its operating jurisdictions. The firm monitors regulatory developments that affect data governance obligations and adjusts its controls accordingly.
Where applicable regulations impose data handling requirements that exceed the firm’s baseline controls, the more restrictive standard is applied. Where applicable regulations permit practices that the firm’s governance framework prohibits — such as secondary data monetization — the firm’s internal restrictions prevail.
Jurisdictional scope, governing law provisions, and dispute resolution mechanisms are defined in the engagement terms applicable to each engagement. These provisions are disclosed prior to the commencement of structured intake.
XII — Client Rights
Engagement participants may request access to their own submitted data, request correction of factual inaccuracies in submitted information, or request deletion of their data subject to the constraints of the applicable retention schedule and any outstanding governance obligations.
Requests are processed through the established communication channel associated with the engagement. The firm will respond within a reasonable timeframe and will document the disposition of each request in the audit record.
Participation in an AEJYS engagement does not create an ongoing data collection relationship. The firm does not maintain persistent tracking, behavioral monitoring, or longitudinal profiling of engagement participants beyond the defined engagement scope.
This governance framework is subject to periodic review and revision. Material changes to data handling practices are documented and disclosed. The current version of this framework governs all active engagements unless superseded by engagement-specific terms.