Skip to main content

Security

Security & data handling

Source Selection Sensitive handling for Pilot Sprints—clear boundaries, subprocessors named, deletion on request.

NDAs and Pilot Sprint engagements are executed with FedShredder LLC. Pack version 1.0.0.

One-page data handling summary for PM, capture, or CISO—before live upload.

Verifiable security pack

Download the full packet: SHA-256 checksum manifest, subprocessor register, controls matrix, and verification report (all PDF).

Every pack file is listed in security-pack-manifest.pdf with a SHA-256 checksum. CISOs can verify integrity before review.

Get-FileHash -Algorithm SHA256 "marketing\public\security\pilot-data-addendum.pdf"

    Spot-check 1 · Subprocessor register

    Open subprocessor-register.pdf — confirm Google Gemini API is listed with purpose limitation and terms URLs.

    subprocessor-register.pdf

    Spot-check 2 · No-training commitment

    Open pilot-data-addendum.pdf §2 — confirm Pilot Data is not used to train foundation models.

    pilot-data-addendum.pdf

    Spot-check 3 · Control scope and status

    Open controls-matrix.xlsx — confirm control scope and implementation status are explicitly stated for pilot evaluation.

    controls-matrix.xlsx

    Spot-check 4 · Artifact integrity

    Hash any pack PDF (SHA-256) and compare to the matching entry in security-pack-manifest.json (canonical) or security-pack-manifest.pdf.

    security-pack-manifest.pdf

    Spot-check 5 · Claim verification

    Open security-pack-verification-report.pdf — each claim lists repo file paths and extracted snippets.

    security-pack-verification-report.pdf

Handling model

  • Solicitation packages are treated as Source Selection Sensitive—not used to train foundation models.
  • Pilot data is processed only to deliver the contracted matrix, volume map, and go/no-go artifacts.
  • We do not publish client solicitations, matrices, or identifiers on this website.

Retention & deletion

  • Pilot Sprint files are retained only for the sprint duration plus a 30-day handoff window unless your contract specifies otherwise.
  • Upon final deliverable handoff—or on written request—we purge uploaded RFPs, working extracts, and derived artifacts from active systems.
  • Backups, if any, follow the same deletion schedule documented in the Pilot Data Addendum.

Ingest rules

  • Evaluation: unclassified public solicitations or redacted Section L excerpts after entity verification (UEI/CAGE).
  • Live pursuits: mutual NDA + Pilot Data Addendum executed before secure upload.
  • We do not accept classified materials on the standard Pilot Sprint path.

Subprocessors

Subprocessors are limited to document extraction and structuring for matrix delivery. Pilot Data is not used to train foundation models (Pilot Data Addendum).

Full register: subprocessor-register.pdf · subprocessor-register.json

Roadmap

Standard Pilot path: unclassified solicitation artifacts, Source Selection Sensitive handling, assigned sprint reviewers only, deletion on request. Customer-specific control frameworks (e.g., CMMC, NIST 800-171) are scoped at enterprise intake—not implied by the public matrix sample.

Enterprise security intake

Include approximate FTE, concurrent pursuits, and any customer security questionnaire requirements.