Privacy Policy & Data Governance
1. The Audit Sanctuary
As algorithmic compliance auditors for the financial sector, we handle the most sensitive assets of your institution: your code, your datasets, and your compliance logs. This policy details how La Rose de Diane (publisher of Main Street Brigade) ensures the absolute confidentiality and legal integrity of your data.
2. Nature of Collected Data
As part of our EU AI Act compliance and algorithmic forensic services, we process two distinct categories of data:
- Administrative & Contact Information: Name, company, role, email, and scoping details submitted via our secure forms for scheduling calibration calls.
- Audited Assets (Strictly Confidential): Training datasets, model weights, API flow logs, bias stress-test results, and internal MLOps documentation transmitted during active audit or forensic mandates.
3. The Zero-Retention & Air-Gapped Commitment
To execute bias audits, ISO 42001 gap analyses, and algorithmic reverse engineering, we deploy sovereign stress-testing frameworks. We formally guarantee that:
- Your proprietary algorithms, financial data, and code are never used to train, fine-tune, or improve any public or private Large Language Models (LLMs) or Machine Learning systems.
- All audits are conducted in secure, isolated environments (air-gapped or encrypted sandboxes) preventing any external data leakage.
- Main Street Brigade operates purely as a diagnostic entity. We extract metrics, prove compliance, and immediately purge the source data from our testing environments.
4. Sovereign Subcontracting
To ensure secure data transfer and audit report generation, we rely on certified sovereign cloud infrastructure providers. All our technology partners adhere to the strictest GDPR standards and operate under absolute business secrecy SLAs.
5. Retention of Evidence
We apply a strict data minimization policy aligned with auditing standards:
- General Contact Data: Retained for 3 years from the last commercial contact.
- Audit Evidence & Forensic Logs: Kept only for the legal duration required to justify your CE Marking or ISO 42001 certification to Notified Bodies. If no legal retention is required, source files (datasets, model weights) are securely destroyed immediately upon delivery of the final compliance report.
6. Security & GDPR Rights
We implement robust cryptographic and organizational measures to protect your digital assets against unauthorized access. In accordance with European regulations, you possess the right to access, rectify, limit, erase, and port your personal data.
To exercise these rights, initiate a digital chain of custody request, or put a question to our Data Protection Officer (DPO), please use the Contact page of our secure website.