Legal
Last updated: March 18, 2025
This document describes how Aureum Aletheia collects, processes, stores, and protects data submitted through the platform. It supplements the Privacy Policy and is intended for institutional users with specific data governance requirements.
Aureum Aletheia classifies all data into three tiers:
Tier A — Identity Data. Account credentials and authentication tokens managed through Manus OAuth. No passwords are stored by Aureum Aletheia.
Tier B — Evaluation Data. Company information submitted for evaluation: financial statements, governance documentation, cap table data, operational metrics, and any supporting materials. This data is treated as confidential and processed only for the purpose of generating evaluation outputs.
Tier C — Output Data. Structured evaluation outputs: deal memos, composite scores, risk classifications, and gap analyses. These are stored in the user's private portal and are accessible only to the account holder unless explicitly shared.
Evaluation data is processed in isolated environments. Capital provider accounts and company accounts operate on separate data rails. A capital provider cannot access the raw data submitted by a company, and vice versa. The only data that crosses the interface boundary is the standardized deal memo — and only with explicit company consent for pipeline sharing.
All data is stored on infrastructure provided by Manus. Storage is encrypted at rest using AES-256 or equivalent standards. Data is not stored in geographic regions that would subject it to jurisdiction-specific data access requirements without user consent.
Evaluation outputs are generated using AI language models. Submitted data is processed by these models for the purpose of generating structured evaluation outputs. Data submitted for evaluation is not used to train AI models. All AI-generated outputs are clearly identified as such in the platform interface.
Access to evaluation data is governed by role-based access controls operating on the principle of least privilege. Platform administrators have access to account metadata for operational purposes only. Evaluation data is not accessible to platform staff except where required to resolve a technical support request, and only with user consent.
Evaluation data is retained for 24 months following report delivery. Account data is retained for the life of the account. Upon account deletion request, all associated data is permanently deleted within 30 days. Deletion requests can be submitted to [email protected].
In the event of a data security incident, affected users will be notified within 72 hours of discovery. Notification will include: the nature of the incident; the categories of data affected; the steps taken to contain the incident; and the steps users can take to protect themselves.