Diff: architecture/data-sovereignty-telemetry
From 61ed7fe to 61ed7fe
+9 / −13 lines
| Before | After |
|---|---|
| --- | --- |
| schema: foundry-doc-v1 | schema: foundry-doc-v1 |
| type: topic | type: topic |
| slug: data-sovereignty-telemetry | slug: data-sovereignty-telemetry |
| short_description: "The platform collects only anonymized, IP-masked geospatial telemetry with no personally identifiable information retained, appending mandatory regulatory disclosure to public-facing interfaces." | short_description: "The platform collects only anonymized, IP-masked geospatial telemetry with no personally identifiable information retained, appending mandatory regulatory disclosure to public-facing interfaces." |
| title: "Data sovereignty and zero-state telemetry" | title: "Data sovereignty and zero-state telemetry" |
| audience: vendor-public | audience: vendor-public |
| bcsc_class: current-fact | bcsc_class: current-fact |
| language: en | language: en |
| paired_with: data-sovereignty-telemetry.es.md | paired_with: data-sovereignty-telemetry.es.md |
| last_edited: 2026-05-25 | |
| category: architecture | category: architecture |
| --- | --- |
| PointSav | PointSav platform interfaces operate on a zero-state telemetry architecture: no personally identifiable information (PII) is collected, no tracking cookies are deployed, and no session state is retained. Operational metrics are limited to anonymized, IP-masked geospatial signals used for infrastructure auditing. Operators in regulated industries gain a public-facing posture consistent with GDPR, PIPEDA, and equivalent data-minimisation requirements, without requiring cookie-consent frameworks. |
| ## | ## No-cookie infrastructure |
| The platform | The platform prohibits tracking cookies, persistent local-storage tracking, and third-party analytics integrations. Public-facing interfaces carry no third-party analytics scripts, eliminating the legal obligation to present cookie-consent banners under ePrivacy and equivalent regimes. |
| ## | ## Geospatial anonymisation protocol |
| Operational metrics are gathered | Operational metrics are gathered through a first-party ping architecture. The ingestion server applies mandatory IP masking — the final octet of the incoming IP address is dropped at receipt (for example, `192.168.1.45` becomes `192.168.1.0`). The resulting record is a coarse geospatial signal with no network-level identification. Interaction data — such as document-access events — is used to audit infrastructure security and measure platform usage patterns; no record is tied to an individual identity. |
| ## Mandatory regulatory disclosure | |
| * **Anonymized Auditing:** Interaction data—such as document downloads—is used strictly to map deal velocity and platform friction, ensuring compliance while maintaining infrastructure security. | |
| ## 3. Mandatory Regulatory Disclosure | |
| All public-facing interfaces are required to append the following disclosure to their legal blocks: | |
| All public-facing interfaces append the following disclosure to their legal blocks: | |
| This | > "Digital Infrastructure and Privacy Posture: This interface operates on a zero-execution and zero-state telemetry architecture. It does not deploy tracking cookies, retain session states, or harvest personally identifiable information. System interactions are limited to the collection of anonymised, masked network routing data strictly for the purpose of auditing infrastructure security and verifying document access." |
| ## See also | ## See also |
| - [[sovereign-telemetry]] | - [[sovereign-telemetry]] |
| - [[machine-based-auth]] | - [[machine-based-auth]] |
| - [[zero-execution-routing]] | - [[zero-execution-routing]] |
| - [[cryptographic-ledgers]] | - [[cryptographic-ledgers]] |