Legal Infrastructure

Privacy Policy

Effective Date: May 15, 2026

KB Analytical Solutions Inc. ("we," "us," or "our") is committed to protecting the privacy and security of the institutional data processed by the QUORUM Decision Infrastructure (the "Platform"). This Privacy Policy describes how we handle information in accordance with global regulatory standards, including PIPEDA, GDPR, and CCPA.

1. Zero-Knowledge Processing Philosophy

The Platform is designed on the principle of data minimization. We prioritize the processing of mathematical weights and behavioral signals over Personally Identifiable Information (PII). In Sovereign and Strategic deployments, all sensitive data remains within the institutional operator's defined perimeter.

2. Information Collection

To provide high-fidelity risk orchestration, the Platform may collect and process the following technical telemetry:

Network edge metadata (IP addresses, JA3/TLS fingerprints, HTTP/2 headers).
Behavioral cadence data (input velocity, navigation patterns, session entropy).
Cryptographic hashes of transaction attributes.
Device-specific hardware identifiers (normalized and hashed).

3. Data Retention and WORM Compliance

In accordance with financial regulatory mandates, all decision traces are stored on Write-Once Read-Many (WORM) compliant cryptographic ledgers. These records are preserved for the minimum period required by law (typically 7 years) to ensure forensic non-repudiation during regulatory examinations.

4. Security Architecture

We implement institutional-grade security controls, including:

AES-256 encryption at rest and TLS 1.3 encryption in transit.
Hardware Security Module (HSM) integration for key management.
Strict logical separation of tenant data in multi-tenant environments.
Automated audit logging of all administrative access to the control plane.

5. International Data Transfers

Data is stored and processed in accordance with the sovereign deployment model selected by the institution. For Cloud-Native deployments, data is localized to the region specified in the Strategic Access Agreement.

6. Rights of Data Subjects

The Platform provides automated workflows to assist institutional operators in satisfying data subject requests, including Right to Access and Right to be Forgotten (RTBF), provided such requests do not conflict with mandatory financial retention laws.

7. Contact Information

For inquiries regarding this Privacy Policy or our data governance practices, please contact our Data Protection Officer at: [email protected]