Legal & Compliance
Privacy & Data Protection
At Ochron Technologies, we operate with a 'Security First' posture. This policy outlines how we handle data, our commitment to client sovereignty, and our stance on AI model training.
Last Updated: May 20, 2025
1. Our Core Stance on AI & Data Sovereignty
Unlike consumer AI platforms, we do not monetize client data. Any data shared with Ochron Technologies during briefings, consultations, or engagements is treated as strictly confidential. We explicitly do not use client data to train, fine-tune, or improve our proprietary base models or public models without express written consent. Your architectural blueprints, P&L data, and operational workflows remain your intellectual property.
2. Information We Collect
We collect information in two categories:
* Voluntary Information: Data you provide during briefing requests, such as name, corporate email, role, and strategic context (e.g., 'supply chain bottlenecks').
* Operational Data: If we are engaged for a pilot, we may process sample datasets. This data is handled according to specific Master Services Agreements (MSAs) and Data Processing Addendums (DPAs), which supersede this general policy.
3. How We Use Your Information
We use your contact details solely to:
* Facilitate leadership briefings and strategic reviews.
* Send engaged clients operational updates and artifacts.
* Share relevant research or 'Impact' snapshots (only if you have opted in).
We never sell, rent, or trade email lists to third-party data brokers.
4. Security & Compliance
Our infrastructure is designed to meet SOC2 Type II standards. We utilize encryption at rest (AES-256) and in transit (TLS 1.3). Access to client data is restricted to Principal Architects and engineering leads directly assigned to the account. We enforce strict role-based access control (RBAC) and multi-factor authentication (MFA) across all internal systems.
5. Third-Party Subprocessors
To deliver our services, we may utilize enterprise-grade vendors (e.g., AWS, Vercel, OpenAI Enterprise). We conduct rigorous vendor risk assessments to ensure their security posture matches our own. A full list of subprocessors is available to active clients upon request.
6. Your Rights
You retain full rights to your data. At any time, you may request:
* A copy of all personal data we hold about you.
* The permanent deletion of your data from our CRM and storage buckets ('Right to be Forgotten').
* Correction of any inaccuracies in your profile.
7. Contacting the Data Protection Officer
For specific security audits, DPA requests, or privacy concerns, please contact our security team directly at security@ochrontech.ai.
This document is legally binding and governs our data practices globally.
