# Pilot Data Addendum **GovProposal Operations · Operated by FedShredder** This Pilot Data Addendum ("**PDA**") supplements the mutual NDA and Pilot Sprint Statement of Work between **FedShredder** ("**Operator**") and the contracting entity identified in the Pilot Sprint intake form ("**Customer**"). --- ## 1. Scope of Customer Data "**Pilot Data**" means solicitation documents, amendments, attachments, prime contractor profile fields, past-performance excerpts, and derived working artifacts (extracts, compliance matrices, volume outlines) uploaded or provided by Customer for a Pilot Sprint or retainer engagement. Pilot Data does **not** include publicly available synopses Customer directs Operator to use for demonstration purposes without Customer identifiers. --- ## 2. Purpose Limitation Operator processes Pilot Data **solely** to: 1. Extract and structure Section L/M requirements and compliance traceability artifacts; 2. Produce volume maps, go/no-go flags, and formatted outlines specified in the SOW; 3. Support amendment refresh or re-shred under an active retainer, if contracted. Operator will **not** use Pilot Data to train, fine-tune, or improve foundation models, embeddings sold to third parties, or public model weights. --- ## 3. Classification & Handling | Data class | Handling | |------------|----------| | Source Selection Sensitive solicitations | Encrypted in transit (TLS 1.2+); access limited to assigned Operator personnel | | Prime profile / SAM identifiers | Used only for form-fill and matrix attribution; not published | | Derived matrices & outlines | Delivered to Customer; not posted on Operator marketing properties without written consent | Operator does **not** accept **classified** materials on the standard Pilot Sprint path. --- ## 4. Subprocessors Customer authorizes Operator to use the subprocessors listed in the current **Subprocessor Register** (`subprocessor-register.json`) included in the Security Pack. Operator will provide 30 days' notice before adding a subprocessor that processes Pilot Data, unless required for security remediation. Current primary subprocessor: **Google LLC (Gemini API)** — document extraction and structured requirement classification only. --- ## 5. Retention & Deletion | Phase | Retention | |-------|-----------| | Active Pilot Sprint | Duration of sprint + handoff | | Post-handoff | **30 days** unless Customer requests earlier deletion or extended retention in writing | | Backups | Same schedule as active systems; documented in enterprise contracts | Upon written deletion request or final handoff (Customer's choice as specified in SOW), Operator purges Pilot Data from active processing systems and requests subprocessor deletion where applicable. --- ## 6. Security Incidents Operator will notify Customer without undue delay (target: **72 hours**) upon confirming unauthorized access to Pilot Data affecting Customer's materials, with summary of scope and remediation steps. --- ## 7. Customer Responsibilities Customer represents that it has authority to provide Pilot Data, that materials are **unclassified** unless otherwise agreed in writing, and that redactions remove third-party confidential information Customer is not authorized to share. --- ## 8. Order of Precedence Conflict: executed SOW → this PDA → Security Pack summary → website marketing copy. --- **Version:** 1.0.0 **Effective:** 2026-05-25 **Contact:** intake@fedshredder.com