Security & Privacy — Rocket Vetting

Built for confidentiality, integrity, and minimal data exposure—end-to-end.

Rocket Vetting tokenizes sensitive data inside the customer’s controlled environment, inside their firewall, before secure transmission. RVP and RVC use the same secure tokenized pipeline, allowing customers to begin with private vetting and expand to collaborative detection without changing their integration model.

Design Principles

  • Tokenize before transit: Sensitive roster data is tokenized inside the customer’s controlled environment, inside their firewall, before secure transmission.
  • One secure pipeline: RVP and RVC use the same secure process; customers can start with private vetting and expand to collaborative detection without changing how data is prepared or transmitted.
  • Data minimization: Each file uses either SSN or Name+DOB—never both in one file.
  • Ephemeral processing: Jobs run in isolated workspaces; outputs are delivered and sources purged on a schedule.
  • Transparency: PII-aware logs and immutable manifests enable audit without exposing payloads.

Transport Security

  • Key-based SFTP only: SSH keys required; passwords disabled.
  • Known-hosts pinning: Server host keys pinned to prevent MITM.
  • Per-customer isolation: Dedicated /inbox and /outbox paths.

Data at Rest & Retention

  • Scoped storage: Only the minimal job artifacts exist during processing.
  • Purge policy: Input files purged after delivery; outputs retained briefly for redelivery, then purged.
  • Configurable windows: Default retention windows can be tuned by contract.

Operational Controls

  • Least privilege: Segregated runtime identities; least-privileged access to stores and services.
  • PII-aware logging: No cleartext payloads. Logs focus on counts, checksums, and job IDs.
  • Immutable manifests: Strong hashes for input and output files.

Compliance Posture

Our controls are aligned to LADMF operational expectations and general privacy obligations. We provide security overviews, DPAs (as applicable), and audit support upon request.

Incident Response

  • 24/7 on-call: Rapid triage and containment.
  • Customer notifications: Contract-aligned timelines and detail.
  • Post-incident review: Root-cause analysis and corrective actions.

Security Summary

  • Tokenization inside customer firewall
  • Key-based SFTP; passwords disabled
  • Known-hosts verification (pinned)
  • Per-customer isolation
  • Encryption in transit; scoped storage at rest
  • PII-aware, minimal logging
  • Purge after delivery

Shared Responsibility

Customers control who can upload/download, what they upload (SSN or Name+DOB), and when to retrieve results. Rocket Vetting secures transfer endpoints and the processing pipeline.