Template language — prototype. Have counsel review and adapt before any production use.
Terms of Service
Conduit Enterprise ("the Service") provides cryptographically enforced, compartmented intake for ethics and whistleblower programs. The customer organization is the data controller for reports submitted through its channels; the provider is a processor.
The Service is provided per the active subscription plan and its channel/seat limits.
The customer is responsible for lawful operation of its program, vetting of seat holders, and response obligations under applicable whistleblower law.
Prototype builds use server-side keys and are not warranted for production until independent audit and production key custody are in place.
No warranty beyond what the signed order form provides; liability limited as set out there.
Privacy Notice
Anonymous intake. Reporters are not asked for name, email, or phone. No accounts.
No raw IP retention. Rate limiting uses a salted hash of the IP; raw IPs are not stored.
Encryption. Reports are encrypted to a per-channel key; only seats scoped to that channel can decrypt.
Retention. Each program may set a retention window after which report contents are wiped; the tamper-evident audit trail (no contents) remains.
No third-party trackers or analytics.
Your rights. Reporters and data subjects may exercise applicable GDPR/CCPA rights through the operating organization.
Scope. Processing limited to operating the intake service on the customer's instructions.
Security. Encryption in transit and per-channel encryption of report content; access compartmented by key; audit logging; security headers; rate limiting.
Data residency. EU-region hosting available on request for in-scope programs.
Breach. Provider notifies customer without undue delay on becoming aware of a personal-data breach.
Deletion. On termination or per retention policy, report contents are wiped.