PROTOCOL: PRIVACY_AND_INTEL

Privacy & Intel Protocols

Our operating procedures are designed to protect the integrity of your data. We operate on a need-to-know basis, ensuring every byte of information is fortified against unauthorized access.

ENCRYPTION: AES-256 ACTIVE
SIGNAL: SECURED
UPTIME: 99.998%
يتم الاحتفاظ بهذا المستند باللغة الإنجليزية، وهي النسخة الملزمة قانونًا. توفر الترجمات في الواجهة لأغراض التسهيل فقط.
01 / COLLECT

DATA COLLECTION [INTEL GATHERING]

person

ACCOUNT DATA

Identifiers, clearance levels, and authentication hashes required for node entry.

analytics

LAB LOGS

Full telemetry of virtual environment interactions and vulnerability exploitations.

event

CALENDAR SYNC

Optional, for anyone who connects a Google Calendar: we read only your busy/free times (never event titles or contents) to adjust bookable availability, and — using a dedicated calendar our app creates — we add or remove events for sessions you book. We store an encrypted refresh token; disconnecting erases the data and revokes our access.

smart_display

YOUTUBE PUBLISHING

Administrators only: when an admin connects our official YouTube channel, we upload lesson videos to it as unlisted, update their titles and descriptions, and delete them when a lesson is removed. We access only videos our app creates on our own channel and store an encrypted refresh token; disconnecting revokes our access.

videocam

SESSION RECORDINGS

When you take part in a live one-to-one or group session, it is recorded and transcribed as standard — audio, video, shared screens, and chat — and you are notified while recording is active. Through AI session insights (on by default; off in your profile) we generate transcripts, notes, and personalised feedback, on our own systems and via Anthropic's Claude. Recordings and transcripts are kept for up to 12 months. We never sell them or share them with a third party to train its models.

STRICT_MODE: ACTIVE LOG_LEVEL: PERFORMANCE_ONLY PII_FILTER: ENFORCED
02 / ANALYZE

DATA USAGE

Collected telemetry is used exclusively for operational analysis. We analyze your progression to calibrate training difficulty and ensure curriculum efficacy.

  • check_circle Optimize curriculum delivery speed
  • check_circle Detect anomalous system behavior
  • check_circle Benchmark against industry standards
05 / PROTECT

DEFENSIVE MEASURES

encrypted

Zero-Trust Architecture

Verification is required for every access request, regardless of origin.

shield

At-Rest Encryption

All intellectual assets are scrambled using FIPS 140-2 compliant algorithms.

03 / SHARE

ENCRYPTION & EXFILTRATION

DEFENSE_GRID does NOT sell operator intel to external entities. Data is only shared with authorized processors (e.g., Stripe for encrypted payments).

04 / RIGHTS

OPERATOR RIGHTS

Access Rectify Extract Purge

Access and export your data, or erase your account, from your Operator Profile. To rectify details or make any other request, contact us.

06 / CONTROLLER & PROCESSORS

Who controls your data

The data controller for DEFENSE_GRID is ORIGIN TEN LTD (trading as Korra Studio), a company registered in England & Wales under company number 13753392, with its registered office at Building 2, 1st Floor, C/O Elsg, Croxley Green Business Park, Watford, England, WD18 8YA. For any privacy question or to exercise your rights, contact build@korra.studio.

Processors we use

We share the minimum data necessary with vetted processors who act only on our instructions under a data-processing agreement:

  • Keycloak (self-hosted identity provider) — stores your login credentials and authentication data.
  • Amazon Web Services — hosting, database, and file storage (profile images, course media).
  • Stripe — payment processing and subscription billing. We never see or store your full card details.
  • Email delivery — transactional messages (account, billing, and support notifications).
  • Google APIs — Google Calendar (read-only busy/free access, plus a dedicated app-created calendar for your booked-session events) and, for administrators, the YouTube Data API (uploading and managing lesson videos on our own channel). Governed by Google's API Services User Data Policy, including its Limited Use requirements.
  • Anthropic (Claude API) — where a session is recorded and you have AI insights switched on, Claude helps transcribe, summarise, and analyse it so we can generate notes and feedback. Anthropic processes this under its commercial terms and does not use your content to train its models. Some AI analysis also runs on our own self-hosted models on our own infrastructure.
07 / LEGAL BASIS

Why we can process it

We process account and training data to perform our contract with you (providing the service), billing data to comply with legal obligations (tax/accounting), and security logs under our legitimate interest in keeping the platform safe. Recording and transcription are a standard, disclosed condition of live sessions, processed to deliver, review, and safeguard them on the basis of our contract with you and our legitimate interest in running the service safely. AI session insights are on by default; you can withdraw them at any time in your profile, which also stops any use of your recordings to improve our own models.

08 / RETENTION

How long we keep it

We keep your data while your account is active. If you delete your account, personal and training data is erased immediately; billing records are retained only as long as tax and accounting law requires. Session recordings and transcripts are kept for up to 12 months and then deleted; you can ask us to delete a recording sooner.

09 / TRANSFERS

Where it's processed

Your data is hosted in the United Kingdom (AWS London, eu-west-2). Where a processor (such as Stripe) transfers data outside the UK/EEA, that transfer relies on an adequacy decision or Standard Contractual Clauses.

10 / COMPLAINTS

Right to complain

If you believe we've mishandled your data you can lodge a complaint with your supervisory authority — in the UK, the Information Commissioner's Office (ico.org.uk).

11 / GOOGLE API SERVICES

Google API Services

Korra Studio's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, we never sell it, and we do not allow humans to read it except with your consent, for security, or where required by law.

This application uses YouTube API Services to upload and manage lesson videos on our own channel. Your use of that feature is also governed by the YouTube Terms of Service and Google's Privacy Policy:

YouTube Terms of Service · Google Privacy Policy

security

Secured Learning Environment

Your focus should be on the code, not the risks. We handle the fortification so you can handle the innovation.