Privacy & Data Protection Policy
TrueStele operates under strict regulatory constraints. This document details how we process client evidence, isolate database archives, and maintain custodian boundaries.
System Custodian Rules
Effective Date: May 23, 2026
1. Custodian Isolation Boundaries
TrueStele processes evidence but does not retain client documents centrally. When audit firms utilize our default storage systems, client evidence is housed inside isolated AWS S3 database buckets scoped strictly to their billing tenant. No cross-client data replication or access is permitted.
2. Privacy Vault Access Controls
For firms using our Privacy Vault add-on, TrueStele acts as a stateless intermediary. Client documentation remains inside the firm's private Google Drive or Microsoft OneDrive cloud. TrueStele retrieves documents temporarily using secure, short-lived OAuth authorization credentials, storing only a tamper-check fingerprint to verify data integrity under regulatory audits.
3. Permanent Retention & Deletions
Audit portfolios and locked archives remain stored in accordance with local country statute periods (e.g. 5 years under NDPA GAID guidelines). Administrators can request a secure, certified workspace deletion process upon client contract termination.
