Data Safety & AI Policy
Artificial Intelligence & Data Processing Limitations
Effective Date:
Last Updated:
Data Safety at a Glance
This section provides a plain-English overview of how we handle client data and our relationship with artificial intelligence tools. The detailed legal terms follow below.
Deterministic Processing
All compliance audits and remediation work is performed using rigid, verifiable scripts — not probabilistic AI. Every output can be traced to a logically defined rule, inspected, and reproduced.
No AI Training on Your Data
Your data is never used to train machine-learning or large-language models — not ours, not anyone else's. This applies to all client data including personally identifiable information, protected health information, and proprietary business data.
The Air Gap
Client data environments are architecturally isolated from any external AI API. While AI tools may assist our engineers in writing code, the execution environment where your data resides never connects to AI services. No client data transits to or from any AI system.
Data Isolation & Deletion
Each client engagement runs in its own isolated container or pipeline. Environments are provisioned per-engagement and destroyed after completion. Your data is never commingled with another client's data, and it is deleted when the engagement ends.
Artificial Intelligence & Data Processing Limitations
1. Definitions
For the purposes of this policy, the following terms have the meanings set forth below:
| Term | Definition |
|---|---|
| Client Data | Any data provided by, generated by, or collected on behalf of a client in the course of an engagement, including but not limited to personally identifiable information (PII), protected health information (PHI), proprietary business data, website content, analytics data, and configuration files. |
| Deterministic Automation | Software processes whose outputs are entirely determined by their inputs and programmed logic, producing identical results on each execution given the same inputs. Examples include Python and Bash scripts with defined rule sets. |
| Probabilistic AI | Systems whose outputs are generated through statistical inference, machine learning, or large-language models, where outputs may vary between executions and are not logically guaranteed to be identical given the same inputs. |
| Processing Environment | The computing infrastructure (servers, containers, pipelines, and associated storage) in which Client Data is stored, accessed, or transformed during an engagement. |
| AI Development Tools | Artificial intelligence systems used by Unified Stack personnel to assist in writing, reviewing, or generating source code, documentation, or other work product that does not itself contain Client Data. |
2. Prohibition on AI Training
Our Commitment: Client Data Never Trains AI Models
Unified Stack LLC does not use Client Data to train, fine-tune, or improve any machine-learning or large-language model. This prohibition applies to all categories of Client Data, including PII, PHI, and proprietary business information.
Specifically:
- Client Data is never submitted to any internal or third-party model-training pipeline.
- Client Data is never used as training data, validation data, or evaluation data for any machine-learning system.
- Client Data is never included in datasets used to fine-tune, retrain, or perform reinforcement learning on any large-language model.
- This prohibition extends to all third-party AI services and subprocessors engaged by Unified Stack.
3. Deterministic Processing Guarantee
All compliance audits, data analysis, and remediation activities performed on Client Data use deterministic automation exclusively. This means:
- Processing logic is implemented in rigid, rule-based scripts (Python, Bash, or equivalent deterministic tooling).
- All outputs are verifiable: given the same inputs, the same outputs are produced on every execution.
- Processing outcomes are logically strictly defined and can be audited by inspecting the source code of the scripts used.
- No probabilistic AI system is used in the processing, analysis, or transformation of Client Data.
This guarantee ensures that every action taken on Client Data is transparent, reproducible, and independently verifiable.
4. AI Development Tool Isolation (“The Air Gap”)
Architectural Isolation of Client Data from AI Services
The Processing Environment where Client Data resides is architecturally isolated from any external AI API, service, or endpoint. No Client Data transits to or from any AI system at any time.
Unified Stack personnel may use AI Development Tools to assist in writing source code, generating documentation templates, or reviewing code logic. However:
- AI Development Tools operate in a separate environment that has no access to Client Data.
- No Client Data is entered into, transmitted to, or accessible by any AI Development Tool.
- The network architecture of the Processing Environment does not permit outbound connections to AI service APIs.
- Code generated with AI Development Tool assistance is reviewed and tested by Unified Stack personnel before deployment into the Processing Environment.
5. Data Isolation & Containment
Client Data is processed in isolated environments with strict containment controls:
- Each client engagement operates in its own isolated container, virtual machine, or processing pipeline.
- Environments are provisioned on a per-engagement basis with dedicated storage and compute resources.
- No Client Data from one engagement is accessible to, commingled with, or co-located alongside Client Data from any other engagement.
- Access to each Processing Environment is restricted to authorized Unified Stack personnel assigned to that specific engagement.
- All access to Processing Environments is logged and auditable.
6. Data Deletion
Upon completion of a client engagement, Unified Stack will delete all Client Data from the Processing Environment, unless a written retention agreement has been executed with the client. Specifically:
- All Client Data in active processing environments is deleted upon engagement completion.
- Backup copies containing Client Data are deleted according to the backup retention schedule, not to exceed 30 days after engagement completion.
- Derived artifacts (reports, analysis outputs, logs) that contain or reference Client Data are deleted alongside the source data, unless the client has requested delivery of such artifacts.
- Unified Stack will provide written confirmation of data deletion upon client request.
If a client requires extended retention of data beyond the engagement period, a separate written data retention agreement must be executed specifying the retention period, storage conditions, and deletion schedule.
7. Audit & Verification Rights
Clients have the right to verify Unified Stack's compliance with this policy. Upon reasonable request, Unified Stack will provide:
- Processing Method Documentation: Description of the deterministic scripts and tools used to process Client Data, including version identifiers and execution parameters.
- Environment Logs: Logs demonstrating the isolation of the Processing Environment, including network access records confirming the absence of connections to AI service APIs.
- Data Deletion Confirmation: Written certification that Client Data has been deleted from all Processing Environments, backups, and derived artifacts in accordance with Section 6.
- Subprocessor Disclosure: A list of any third-party subprocessors that had access to Client Data during the engagement, along with confirmation that such subprocessors are bound by obligations consistent with this policy.
Audit requests should be directed to privacy@unifiedstack.io. Unified Stack will respond to audit requests within 30 days.
8. Breach of This Policy
Any violation of the commitments set forth in this policy by Unified Stack LLC, its personnel, or its subprocessors constitutes a material breach of any service agreement, statement of work, or master services agreement between Unified Stack and the affected client.
In the event of a breach, the affected client shall be entitled to all remedies available under the applicable service agreement and at law, including but not limited to immediate termination of the engagement and recovery of damages.
9. Contact Information
If you have questions about this policy or wish to exercise your audit and verification rights, please contact us:
Unified Stack LLCData Safety Inquiries
Email: privacy@unifiedstack.io
Privacy Request Form: [Secure Privacy Request Form]