PRIVACY POLICY

1.1 The "Data Plane" (Zero-Knowledge Guarantee)

MFour Labs warrants that the IronGrade Runtime and SPU Kernels are engineered with a strict "Local-Execution" architecture regarding your proprietary information ("Runtime Content").

• No Exfiltration of Content: We do not receive, access, store, or intercept the inputs (prompts), outputs (completions), or vector embeddings processed by the Software within your infrastructure.
• No Model Training: We expressly covenant that Runtime Content processed on your infrastructure is never utilized to train, fine-tune, or improve MFour Labs' foundation models or logic kernels.
• Stateless Inference: The AI inference logic operates entirely in the Customer's local memory (RAM). The Software does not persist Runtime Content to disk or transmit it to MFour Labs.

1.2 The "Control Plane" (Limited Technical Signals)

To ensure security and license validity, the Software maintains a minimal, separate low-bandwidth connection solely for:

• License Verification: Cryptographic validation of the Ed25519 Identity Key.
• Integrity Checks: Verifying that the SPU Kernel binary has not been tampered with (Anti-Malware).

1.3 Voluntary Diagnostic Support (The "Break-Glass" Clause)

While the default architecture prevents MFour Labs from accessing Runtime Content, the Licensee may, at their sole discretion, voluntarily transmit specific Diagnostic Logs to MFour Labs for the purpose of technical support (e.g., investigating a Low VIS Score event).

• Opt-In Only: Transmission of Diagnostic Logs is not automatic. It must be manually initiated by the Licensee (e.g., via the igc support push command or email submission).
• Limited Scope: Such data is processed strictly for Issue Remediation and is purged from MFour Labs' systems within 72 hours of ticket resolution.
• Anonymization: Licensee agrees to make reasonable efforts to redact sensitive PII from Diagnostic Logs before transmission.

3.1 Charter Assessment & Onboarding

• Eligibility Vetting: Analyzing your "Organizational Intelligence" and "Technical Assessment Data" to determine if your entity qualifies for the "Sovereign 50" Charter Program.
• Authority Verification: Cross-referencing your LinkedIn profile to validate your professional authority to bind the entity (KYB/KYC Due Diligence).

3.2 Service Delivery & Governance

• License Administration: Cryptographically verifying your Ed25519 Identity Keys against our Global Trust Registry to authorize or deny runtime access.
• Critical Security Signaling: Transmitting "Priority 1" Vulnerability Advisories or License Revocation Signals (in cases of breach or compromised keys) to ensure the integrity of the IronGrade network.

3.3 Commercial Administration

• Billing & Tax Compliance: Generating valid tax invoices (VAT/SVAT) and maintaining financial records as strictly required by the Inland Revenue Department (IRD) of Sri Lanka.

3.4 The "No-Monetization" Covenant

4.1 Dual-Topology Architecture

To ensure global accessibility while maintaining strict data sovereignty, MFour Labs utilizes a Bifurcated Storage Model that physically segregates Control Plane Data from Data Plane Assets.

• (a) Control Plane (Administrative Data): License validation records (Identity Keys) and commercial billing information are stored on enterprise-grade cloud infrastructure (AWS) located in secure jurisdictions (Singapore & USA). This data is Encrypted at Rest using AES-256-GCM standards.
• (b) Data Plane (Sovereign Runtime Content): SOVEREIGN LOCAL EXECUTION. The inputs (prompts), outputs (completions), and vector embeddings processed by the IronGrade Runtime do not leave the infrastructure designated by the Licensee, except where the Licensee expressly initiates a transfer under Section 1.3 (Voluntary Diagnostic Support). The Software is technically restricted from uninitiated cross-border transfer by its "Zero-Telemetry" compilation and air-gap compatible architecture.

4.2 Legal Basis for Transfer (PDPA Section 26)

For the limited transfer of Administrative Data to our cloud sub-processors, we comply with Section 26 of the Personal Data Protection Act, No. 9 of 2022 through the following statutory mechanisms:

• Performance of Contract [Sec 26(3)(b)]: The transfer is strictly limited to data necessary to perform the core functions of the Master Services Agreement (e.g., validating License Keys to prevent software lockout, processing invoices) at the request of the Licensee.
• Specified Instruments [Sec 26(2)]: We enforce binding commitments on our sub-processors (e.g., AWS, Stripe) via Data Processing Agreements (DPAs) that incorporate Standard Contractual Clauses (SCCs) consistent with the adequacy standards required by the Sri Lankan Data Protection Authority.

4.3 Legal Sovereignty & Jurisdiction

Notwithstanding the physical location of our cloud registry, MFour Labs (Pvt) Ltd. retains Exclusive Data Controllership over your Administrative Data.

• Governing Law: The legal jurisdiction governing the processing of your Account Data remains the Democratic Socialist Republic of Sri Lanka.
• No Independent Rights: We contractually prohibit our sub-processors from accessing, mining, or utilizing your data for their own commercial purposes (e.g., model training) independent of our specific instructions.

6.1 Technical Measures (Cryptographic Assurance)

• Encryption at Rest: All Administrative Data stored in our Control Plane is encrypted using AES-256-GCM (or higher industry standard) via AWS Key Management Service (KMS).
• Encryption in Transit: All network communication between the Licensee's infrastructure and our Control Plane is secured via TLS 1.3 with Perfect Forward Secrecy (PFS).
• Supply Chain Integrity (The "Tamper-Proof" Guarantee): The IronGrade Runtime binaries are cryptographically signed using offline Ed25519 keys. The runtime is engineered to strictly refuse to execute any kernel, update, or logic module that lacks a valid, untampered digital signature from MFour Labs. We maintain a strict Software Bill of Materials (SBOM) to track all third-party dependencies.

6.2 Organizational Measures (Access & Governance)

• Principle of Least Privilege (PoLP): Access to the License Registry and Production Keys is restricted to a strictly limited subset of authorized engineers on a documented "need-to-know" basis.
• Strong Authentication: Administrative access to our production environment requires Phishing-Resistant Multi-Factor Authentication (MFA) (e.g., FIDO2/WebAuthn Hardware Keys). Use of SMS-based 2FA is strictly prohibited for privileged accounts.
• Personnel Screening: All personnel with potential access to production systems are bound by strict Confidentiality Deeds and undergo rigorous background checks—including Sri Lanka Police Clearance Certificates and Global Sanctions Screening (UN/OFAC Watchlists)—prior to employment.

6.3 Incident Response Protocol

In the event MFour Labs becomes aware of a Personal Data Breach affecting your Administrative Data (e.g., a compromise of the Control Plane), we shall:

• Notify: Alert the Licensee's designated technical contact without undue delay (and in any event within 72 hours) after becoming aware of the breach.
• Contain: Immediately isolate the compromised vector to prevent further data loss.
• Report: Provide a preliminary Incident Impact Statement outlining the nature of the breach, the data categories affected, and the remedial actions taken. (Regulatory Note: We also maintain protocols to notify the Data Protection Authority of Sri Lanka where required by Section 23 of the PDPA.)

6.4 Independent Verification (The "Audit Shield")

To demonstrate compliance while protecting our Intellectual Property and maintaining our "Zero-Trust" posture:

• Verification: Upon written request, Enterprise Licensees may receive a Redacted Executive Summary of our latest third-party Penetration Test and Vulnerability Assessment Report.
• Artifact Audit Right: Licensees are expressly permitted to perform Black-Box Security Testing and Vulnerability Scanning on the IronGrade Runtime Binaries (.spu files) deployed within their own infrastructure, provided that such analysis is limited to vulnerability detection and strictly excludes reverse engineering, decompilation, or model weight extraction.
• Prohibition on Source Code Inspection: To preserve the integrity of our cryptographic signing environment and protect Undisclosed Information (Trade Secrets) under Section 160 of the Intellectual Property Act, No. 36 of 2003, MFour Labs does not grant direct physical audits of its source code repositories, internal premises, or private development servers. This exclusion is a mandatory control to prevent IP theft and insider threats.

6.5 Vulnerability Management & Patching Liability

MFour Labs maintains a continuous vulnerability management program. In the event a Critical Security Vulnerability ("CVE") is discovered in the IronGrade Runtime:

• Patch Delivery: We undertake to use commercially reasonable efforts to publish a signed security patch or mitigation instruction to the Secure Registry within a timeframe commensurate with the severity of the risk.
• Client Obligation (The "Air-Gap" Reality): Due to the sovereign, local-execution nature of the Software ("Bring Your Own Infrastructure"), the Licensee acknowledges that MFour Labs cannot remotely push updates to the Licensee's environment. The Licensee is solely responsible for "pulling" and applying security patches from the registry in a timely manner.
• Liability Waiver for Unpatched Systems: MFour Labs (Pvt) Ltd. shall not be liable for any Data Breach, loss, or damage resulting from the Licensee's failure to install a security patch published to the Registry within a reasonable period (typically 72 hours for Critical Severity updates) after notification of its release.

7.1 Distinction of Environments

To ensure technical clarity and data sovereignty, MFour Labs maintains a strict physical and logical separation between our public web properties and our secure runtime environments.

7.2 Categorization of Markers (Schedule A)

We classify markers under PDPA Section 6 and EU ePrivacy Directive standards.

7.3 The "No Ad-Tech" Covenant

MFour Labs EXPRESSLY WARRANTS that we do not deploy advertising trackers, retargeting pixels, or third-party behavioral profiling scripts (e.g., Meta Pixel, Google Ads).

• No Session Replay: We strictly prohibit tools that capture keystrokes or screen interactions (e.g., Hotjar, FullStory).
• No Data Brokerage: We do not sell, trade, or share device fingerprints with third-party data brokers.

7.4 Global Privacy Control (GPC) & DNT Signals

We respect the Global Privacy Control (GPC) specification. If your browser broadcasts a "Do Not Track" or GPC signal, our systems automatically:

• Suppress all non-essential telemetry or analytics markers.
• Honor the "Opt-Out" preference without requiring manual intervention or "Cookie Wall" barriers.
• Comply with the automated opt-out mandates recognized under global privacy frameworks.

8.1 Periodic Review

MFour Labs (Pvt) Ltd. reserves the right to amend this Policy to reflect technical advancements in the IronGrade Protocol, changes in our processing activities, or updates to the Sri Lankan Personal Data Protection Act (PDPA).

8.2 Notification of Material Changes

• Advance Notice: Material changes—defined as updates that significantly impact your statutory rights, Lawful Basis for processing, or our core "Zero-Telemetry" guarantees—will be communicated to all active License Key holders via their registered Institutional Email at least thirty (30) days prior to the effective date.
• Minor Updates: Non-material changes (e.g., typographical corrections or administrative clarifications) will be reflected by updating the "Effective Date" and "Version Number" at the top of this Policy. Continued use of the Software after such updates constitutes acknowledgement of the revised standards.

8.3 Right to Object & Termination

In accordance with Section 14 (Withdrawal of Consent) and Section 16 (Erasure) of the PDPA, you have the right to object to any material change prior to its Effective Date.

• Effect of Objection: Because this Policy is integral to the security and legal operation of the IronGrade Software, objecting to a material change may necessitate the termination of your License Agreement.
• Sovereign Decommissioning (The "Graceful Sunset"): Where an objection leads to termination, the Parties will enter a Transition Period to ensure a secure and orderly decommissioning of the Software artifacts from the Licensee's infrastructure. MFour Labs will provide the necessary technical signals to facilitate a safe system shutdown without compromising the Licensee's wider data environment.

8.4 Archive & Transparency

To maintain a transparent audit trail for corporate compliance and "Adequacy" verification:

• Version History: MFour Labs maintains a permanent archive of all prior versions of this Policy.
• Audit Access: Active Licensees may request previous versions via privacy@mfourlabs.dev to conduct internal compliance audits or historic risk assessments.
• Appeals: In the event of a dispute regarding a policy update or a refused request, Data Subjects may appeal to the Data Protection Authority of Sri Lanka as prescribed under Section 19 of the PDPA (as amended by Act No. [X] of 2025).

9.1 Response & Verification Protocol