Privacy Policy
Last updated: April 30, 2026
1. Who we are
This policy describes how TechnoEthos (“we”, “us”) handles information
when you use TEED — our web application for organizational ethics and compliance assessments,
evidence intake, scoring, and optional publication of public score summaries. TEED combines
a SvelteKit application with configured backends (for example a database and evaluation services
you or we host).
2. Information we collect
Depending on how you use TEED, we process:
- Account and session data. When you sign in with AT Protocol (OAuth), we store a small session payload in an httpOnly cookie (for example decentralized identifier (DID), handle, display
name, and related identity metadata). OAuth tokens used to act on your behalf with your host
are kept in server-side session storage, not in that cookie. In development, a non-production
sign-in mode may use a deterministic placeholder identity instead of a live PDS account.
- Organization workspace data (server database). If you create or join an organization
in TEED, we store workspace records such as org profile and slug, membership and roles, invitations
(and optional invitee email when someone sends an invite), products you register, assessment
drafts and results, and related metadata.
- Assessment and evidence content. You may submit structured intake
answers, notes, and evidence. We store evidence metadata (for example
filenames, types, storage references) and, when you run an assessment, browser-derived extraction payloads: structured summaries and signals
produced from document text processed in your browser — not raw binary files in the
common path. Exact retention of blobs vs metadata depends on your deployment.
- Onboarding and preferences. Survey-style onboarding steps and similar data
may be stored in our application database to route you into the right workspace experience.
- Optional email (magic link). If your deployment enables email sign-in or
invitations via email, we (or an email provider you configure) process the address needed
to deliver that message.
- AT Protocol records (when used). When you or your org publish material
to the AT Proto network (for example public score or registry records), those writes
create public or semi-public protocol data on the relevant PDS / repos according
to ATProto rules — separate from this policy’s database section and visible to anyone who
can read that network data.
- Technical data. Standard server and infrastructure logs (for example IP address,
user agent, timestamps, error diagnostics) as needed to operate and secure the service.
We do not use this policy to describe third-party products you evaluate inside
TEED; those vendors have their own privacy practices.
3. How we use information
We use the above to:
- Authenticate you and enforce organization permissions
- Provide assessments, store drafts and results, and show reports in the product
- Send requests to the TEED evaluation backend you configure (for example a
deterministic rules engine) to produce scores and findings from the intake you submit
- Run optional supplementary analysis (for example hosted enrichment) when
your deployment enables it
- Operate onboarding, support, and security monitoring
- Comply with law and protect rights, users, and the service
4. How we share information
We do not sell your personal information. We may share or disclose information:
- With infrastructure and service providers you or we use to run TEED (for
example hosting, database, email delivery, monitoring), solely to provide the service
- With evaluation or analysis backends configured in your environment, which
receive the assessment payloads required to return scores or narratives
- On the AT Protocol network when you or your organization choose to publish
records there — that data is governed by ATProto hosting and visibility, not by TEED’s private
database alone
- To comply with legal process, or to protect safety, rights, and integrity
- With your direction or consent
5. Security
We use administrative, technical, and organizational measures appropriate to the
deployment (for example access controls, encryption in transit for HTTPS, and secured
credentials). No method of storage or transmission is perfectly secure; you share
information with TEED at your own risk.
6. Retention
We keep information as long as needed to provide TEED, comply with law, resolve disputes,
and enforce agreements. Assessment and evidence retention may follow your organization’s
lifecycle in the product (for example until deleted by an authorized user or removed after
closure of a workspace). Published AT Proto records may persist on the network
independently after you stop using TEED.
7. Your choices and rights
Depending on your region, you may have rights to access, correct, delete, export, or
object to certain processing. Because TEED is often deployed for organization-controlled workspaces, many requests are best routed through your org administrator. You may also contact
us (below). We may need to verify your request and applicable law before responding.
8. International transfers
We and our subprocessors may process information in countries other than where you live.
Where required, we rely on appropriate safeguards or legal mechanisms for cross-border
transfers.
9. Cookies and similar technologies
We use a strictly necessary session cookie to keep you signed in. If we add
analytics or non-essential cookies in the future, we will update this policy and any applicable
consent flows.
10. Children
TEED is intended for adults and organizational use. It is not directed at children under
13, and we do not knowingly collect their personal information.
11. Changes
We may update this Privacy Policy from time to time. We will post the revised version here
and update the “Last updated” date. Where required, we will provide additional notice.