Privacy Policy & Data Governance

1. Information We Collect

Depending on how you interact with our Site and services, we collect information across two distinct categories:

• Direct Communications: Information submitted voluntarily via our contact forms or RFP portals, including your name, institutional/agency email address, corporate telephone number, agency or business name, and project scope details.
• Automated Telemetry: Technical data collected automatically via system logs and hosting infrastructure, including IP addresses, browser types, operating systems, referring URLs, and engagement metrics.

2. Institutional Data Isolation & Processing Roles

When constructing systems or serving public-sector applications, Incodet differentiates our data management principles based on legal status:

Data Processor Designation: For all sovereign government platforms and custom enterprise instances, Incodet operates strictly as a Data Processor. The client agency or institution remains the absolute Data Controller and retains 100% legal ownership of all transactional, operational, and citizen datasets processed inside the application environment.

• Zero Commercial Cross-Contamination: Institutional, production-level, or system-metadata datasets are strictly isolated. We do not engage in, nor do our systems allow, data brokerage or commercial advertising profiling.
• No AI Model Training: Client production datasets are never used to train public or commercial AI models, ensuring absolute intellectual property preservation and data confidentiality.

3. Infrastructure Security & Data Sovereignty

To fulfill the strict data preservation rules required by public-sector procurement boards, our underlying architectural stack utilizes the following constraints:

• Geographic Localization: All core client systems and databases are hosted on localized cloud partitions (such as AWS GovCloud or equivalent domestic sovereign partitions) restricted to the client's home national jurisdiction.
• Cryptographic Protection: Data is protected continuously utilizing Advanced Encryption Standard (AES)-256 protocols while at rest, and transport-layer security (TLS) 1.3 frameworks when in transit.
• Audit Logging: Production database instances record chronological, immutable logging of all administrator and user access read/write queries to provide legal audit readiness during security reviews.

4. Third-Party Framework Sub-Processors

To safely deliver our public marketing Site, we integrate with trusted infrastructure vendors who follow strict security practices. Your website metadata is safely distributed across:

5. International Data Rights (GDPR / CCPA Alignment)

Regardless of geographic location, we grant users comprehensive authority over their website contact information. You retain full entitlement to:

• Request a transparent overview or copy of your contact form data stored within our administrative logs.
• Request the immediate, permanent erasure (“Right to be Forgotten”) of your contact record from our databases.
• Object to or opt out of any marketing distributions or company news updates.

6. Governance Inquiries & Contacts

For formal institutional inquiries regarding data processing addendums (DPAs), architectural compliance frameworks (SOC 2 / NIST), or privacy exercises, please contact our administrative data desk:

Incodet Security & Data Governance
Email: legal@incodet.com