Data Policy

How we handle veteran data

The Promise

Your data is yours. We process it to help you. We protect it like it's classified. We never sell it. Period.

Data Flow

Veteran uploads C-file
↓
TLS 1.3 encrypted transport
↓
AEAD encryption at rest (AES-256-GCM, unique DEK per file)
↓
CFileFlattener extracts structured data (stays in your account)
↓
Detection engines scan for errors (processing only, not stored separately)
↓
LLM analysis via Claude/Gemini (data in transit only — not stored by provider)
↓
Findings held in Human Approval Gate (pending your review)
↓
You approve → Stamped output with Makaivelli seal
You reject → Findings discarded, returned for revision
↓
All processing logged in audit trail (immutable, 7-year retention)

What Happens to Your Data at Each Stage

| Stage | What Happens | Where Stored |
|---|---|---|
| Upload | Encrypted with unique DEK | MinIO (S3-compatible) |
| Flattening | JSON extracted from C-file | PostgreSQL (encrypted) |
| Scanning | Engines process in memory | Not persisted separately |
| LLM Analysis | Sent to Claude/Gemini API | In transit only — NOT stored by provider |
| Findings | Stored as scan results | PostgreSQL (encrypted) |
| Approval | Held in approval gate | In-memory (audit-logged) |
| Output | Stamped and delivered | PostgreSQL + your device |

LLM Provider Data Handling

Anthropic (Claude)

  • Data sent via API is NOT used to train Claude models
  • Data is NOT stored after processing
  • We use the API, not the consumer product

Anthropic privacy policy: anthropic.com/privacy

Google (Gemini)

  • Data sent via API is NOT used to train Gemini models (paid API)
  • Data is NOT stored after processing

Google AI API terms: ai.google.dev/terms

Data Isolation

  • Each veteran's data is logically isolated by account
  • No cross-account data access
  • No aggregate analysis across veteran accounts
  • AI models trained ONLY on synthetic data (5,021 synthetic profiles)

Deletion

When you delete your account:

  • All uploaded files permanently deleted within 72 hours
  • All scan results permanently deleted within 72 hours
  • Account information retained 90 days for legal compliance, then deleted
  • Audit logs retained 7 years (legal requirement), anonymized
  • Deletion is irreversible — we cannot recover deleted data

Breach Notification

In the event of a data breach:

  • Affected users notified within 72 hours
  • Nature and scope of breach disclosed
  • Steps taken to contain and remediate
  • Guidance for affected users
  • Regulatory authorities notified as required by law

Contact

Questions about how we handle your data?
privacy@makaivelli.com

© 2026 Makaivelli LLC. All rights reserved.