# Data Sovereignty & Privacy Policy

At Majily LLC, we treat data privacy as a fundamental engineering requirement. This document outlines our protocols for data isolation, security, and governance in our software and AI implementations.

## 01. DATA_SOVEREIGNTY_CORE
Majily LLC ("we," "us," or "our"), located at 1000 Brickell Avenue, Miami, FL, operates under a "Privacy by Design" framework. We treat data privacy as a fundamental engineering constraint, not an afterthought. This policy governs data processed through our landing page and our custom software engagements.

## 02. INGESTION_METRICS
We adhere to the Principle of Least Privilege.

- **Direct Ingestion:** Information provided via our TECHNICAL_DISCOVERY forms (Name, Corporate Email, Tech Stack metadata).
- **System Telemetry:** IP addresses, browser fingerprints, and session logs are processed strictly for network optimization and threat mitigation.

`[EXCLUSION]`: We do not engage in the sale of PII (Personally Identifiable Information) to third-party data brokers.

## 03. AI_GOVERNANCE & VERTEX_AI_COMMITMENT
As a firm specializing in Agentic Infrastructure, we enforce mathematical data isolation:

- **Model Training:** Client data processed via our Vertex AI or MCP pipelines is strictly prohibited from being used to train foundation models.
- **VPC Isolation:** All agentic reasoning occurs within private, encrypted Virtual Private Clouds (VPC).

## 04. SECURITY_ARCHITECTURE
Our infrastructure is version-controlled via Terraform.

- **Encryption:** All data is encrypted at rest using AES-256 and in transit via TLS 1.3.
- **Identity:** We utilize granular IAM roles to ensure zero-trust access to internal metadata.

## 05. JURISDICTIONAL_RIGHTS (CCPA / GDPR / APPI)
Regardless of your location, we provide a unified interface for your data rights:

- **Right to Audit:** You may request a report of all stored metadata.
- **Right to Purge:** You may invoke an IMMUTABLE_DELETE command for your PII by contacting [engineering@majily.com](mailto:engineering@majily.com).

## 06. SUB_PROCESSOR_DISCLOSURE
To execute our infrastructure requirements, we route telemetry and computational load through the following verified sub-processors:

| Provider | Purpose | Region |
|---|---|---|
| Google Cloud | Vertex AI / Hosting | US-Central1 |
| Vercel & PostHog | Telemetry / Edge Delivery | US-East |
| LinkedIn | Marketing Analytics | Global |
| Google Tag Manager | Tag Management & Analytics | Global |

## 07. COOKIE_&_TRACKING_PROTOCOL
We embed minimal tracking state in local browsers.

- **Essential Tokens:** Strictly required Session Tokens and Local Storage Objects necessary for authentication, security mitigation (CSRF / XSS protection), and state routing.
- **Analytical Scripts:** Aggregated node telemetry for system performance measurement.

### Jurisdictional Cookie Notices
- **USA (CCPA / CPRA):** You may decline non-essential local storage initialization via your browser preferences or by executing a formal opt-out request.
- **EU/EEA & UK (GDPR):** Non-essential tracking scripts (including Google Tag Manager analytics/marketing tags) are deployed strictly subject to your explicit, prior affirmative consent (opt-in). You may withdraw this consent at any time.

## 08. DATA_RETENTION_&_LIFECYCLE
Data persistence operates on a strict lifecycle framework:

- **RETENTION_PERIOD:** Discovery data: 3 years post-interaction. Contract data: Duration of engagement + 7 years (Florida legal precedent).
- **PURGE_PROTOCOL:** Automated CRON destruction upon state expiration. No manual intervention required.

---
**POLICY_VERSION:** 2026.02 · **GOVERNANCE_TYPE:** ENTERPRISE_GRADE · **COMPLIANCE_STATUS:** ACTIVE