Home About Offerings Industries Contact Launch Map →
rsk.systems / legal / privacy-policy
Data Governance — Encrypted by Default
Private
AES-256 · TLS 1.3

Privacy Policy.

Document ID: RSK-PRIV-002
Version: 3.0
Effective: 2026
Jurisdiction: United States

RSK.Systems is built on the principle that data entrusted to us stays protected — from the moment of collection to the moment of deletion. This Policy details what we collect, why we collect it, and how we secure it.

Right to Access
Right to Correct
Right to Delete
Right to Port
Right to Object
01 Overview 02 Collection 03 Use of Data 04 Sharing 05 Retention 06 Security 07 Your Rights 08 Cookies 09 Transfers 10 Contact
Sections 10
Version 3.0
Effective 2026
Status ACTIVE
Protection Levels
Encryption
97%
Access Ctrl
100%
Audit Log
100%
3rd Party
0%
Related Documents
→ Terms of Use → Model Guidelines → Contact Privacy Team
Section I

Overview & Scope

This Privacy Policy ("Policy") describes how RSK.Systems ("RSK.Systems," "we," "us," or "our") collects, uses, stores, and protects personal and organizational data submitted to or collected by the RSK.Systems platform, website, and associated services ("Services").

This Policy applies to all Authorized Users of the platform, visitors to rsk.systems, and any individual or organization that submits information through our contact channels. By using the Services, you acknowledge and agree to the practices described herein.

⊕ Privacy by Design

RSK.Systems applies a privacy-by-design approach across our entire technical stack. Data minimization, purpose limitation, and storage limitation principles are built into our architecture — not bolted on as afterthoughts.

This Policy should be read in conjunction with our Terms of Use and Model Guidelines, which together constitute the complete legal framework governing your use of the platform.

Section II

Data Collection

RSK.Systems collects the minimum data necessary to deliver and improve the Services. We operate on a strict data minimization principle — if we don't need it to serve you, we don't collect it.

Expand each category below to understand exactly what we collect and why:

Identity & Authentication Data Collected

Name, organizational email address, job title, agency or company name, and authentication credentials. Collected during the vetting and onboarding process. Required to grant and manage authorized access to the platform. Passwords are stored using bcrypt hashing and are never stored in plaintext.

Platform Usage & Log Data Collected

IP addresses, session timestamps, API call patterns, pages visited, features accessed, and error logs. Collected automatically when you use the platform. Used for security monitoring, abuse detection, performance optimization, and audit trail maintenance. Retained for 12 months then automatically purged.

Voluntary Communications Collected

Content of messages, inquiry forms, and support requests you voluntarily send to RSK.Systems. Used solely to respond to your inquiry, improve our services, and maintain records for compliance purposes. Not shared with third parties.

Device & Technical Data Limited

Browser type, operating system, device type, and screen resolution. Collected to ensure platform compatibility and optimize the user interface. No device fingerprinting is performed beyond what is necessary for security verification. This data is anonymized for analytics purposes.

Financial & Payment Data Not Collected

RSK.Systems does not directly collect or store payment card numbers, banking details, or other financial instruments. Enterprise billing is handled through direct contract arrangements. Any payment processing, if applicable, is handled by PCI-DSS compliant third-party processors who maintain their own privacy policies.

Sensitive & Biometric Data Not Collected

RSK.Systems does not collect biometric identifiers, health information, racial or ethnic origin data, religious beliefs, political opinions, or sexual orientation from Authorized Users or website visitors. Subject data processed through the platform is governed separately by applicable customer data agreements.

Section III

Use of Your Data

Data collected by RSK.Systems is used exclusively for the following purposes. We do not use your data for advertising, profiling for commercial purposes, or sale to third parties — ever.

  • Providing, maintaining, and improving the RSK.Systems platform and associated Services.
  • Verifying the identity and authorization level of users accessing the platform.
  • Monitoring for unauthorized access, security incidents, and potential abuse of the platform.
  • Communicating with you regarding your account status, security alerts, and material policy changes.
  • Meeting legal obligations, responding to lawful requests from government authorities, and maintaining records required by applicable law.
  • Conducting internal analytics to understand platform performance, reliability, and user workflow patterns — using aggregated, anonymized data only.
⚠ Prohibited Uses

Your personal data is never used to train RSK.Systems' predictive models, never used for targeted advertising, and never sold, rented, or traded to any commercial third party. Violations of this principle would be a fundamental breach of our operational charter.

Section IV

Data Sharing

RSK.Systems does not sell, lease, or share your personal data with third parties for their commercial purposes. The only circumstances under which your data may be disclosed to a third party are as follows:

  • Service Providers: Trusted vendors who assist in operating our infrastructure (hosting, security monitoring, email delivery) under strict data processing agreements that prohibit secondary use.
  • Legal Compliance: In response to valid legal process, including court orders, subpoenas, or lawful requests from U.S. law enforcement agencies. We will notify affected users where legally permitted to do so.
  • Business Continuity: In the event of a merger, acquisition, or sale of substantially all assets, user data may transfer to the acquiring entity under equivalent or stronger privacy protections.
  • User Consent: Where you have provided explicit, informed written consent to a specific disclosure.

All third-party service providers are contractually required to maintain appropriate security standards and are prohibited from using your data for any purpose other than providing the specified service to RSK.Systems.

Section V

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, and to resolve disputes. The following schedule governs our standard retention periods:

Data CategoryRetention PeriodBasisStatus
Account & Identity DataDuration of access + 3 yearsContractual obligationActive
Platform Usage Logs12 months rollingSecurity & auditActive
Communications & Support36 months from last interactionDispute resolutionLimited
Contact Form Submissions24 monthsBusiness recordsLimited
Payment Records7 yearsTax & legalLimited
Anonymous AnalyticsIndefinite (anonymized)Product improvementActive
Financial & BiometricNot applicableNot collectedN/A

Upon expiration of applicable retention periods, data is permanently deleted using NIST SP 800-88 compliant media sanitization procedures.

Section VI

Security Architecture

RSK.Systems implements enterprise-grade security controls across all layers of our infrastructure, consistent with the sensitivity of the environments our clients operate in. Our security architecture is not aspirational — it is operational and continuously validated.

  • Encryption at Rest: All stored data is encrypted using AES-256. Encryption keys are managed through a dedicated key management system with automatic rotation.
  • Encryption in Transit: All data transmitted between clients and our infrastructure is protected by TLS 1.3. Legacy protocol negotiation is disabled.
  • Access Controls: Role-based access control (RBAC) is enforced at every layer. Principle of least privilege is applied to all internal systems. Multi-factor authentication is mandatory for all administrative access.
  • Audit Logging: All access events, data queries, and administrative actions are logged in tamper-evident audit trails retained for 12 months.
  • Penetration Testing: Independent security assessments are conducted at least annually. Critical findings are remediated within 72 hours; high findings within 14 days.
  • Incident Response: A documented incident response plan is maintained and tested quarterly. In the event of a breach affecting personal data, affected users and applicable authorities will be notified within 72 hours of detection.
⊕ Responsible Disclosure

If you discover a security vulnerability in the RSK.Systems platform, please report it responsibly to info@rsk.systems before public disclosure. We commit to acknowledging reports within 24 hours and providing a remediation timeline within 7 days.

Section VII

Your Data Rights

Authorized Users of the RSK.Systems platform have the following rights with respect to their personal data. All requests are processed within 30 days of receipt, subject to identity verification and applicable legal restrictions.

01
Right of Access

Request a complete copy of all personal data held about you, including the categories of data, the purposes of processing, and any third parties with whom it has been shared.

02
Right to Rectification

Request correction of inaccurate or incomplete personal data. We will update records within 5 business days of a verified correction request.

03
Right to Erasure

Request deletion of your personal data where it is no longer necessary for the purpose collected, subject to legal retention obligations and active contractual relationships.

04
Right to Portability

Receive your personal data in a structured, machine-readable format (JSON or CSV) for transfer to another service provider of your choosing.

05
Right to Restrict Processing

Request that we limit processing of your data to storage only while a dispute about accuracy or lawfulness is resolved.

06
Right to Object

Object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

To exercise any of these rights, contact our Privacy Office at info@rsk.systems with the subject line "Privacy Rights Request." Identity verification is required before processing requests involving access to or deletion of personal data.

Section VIII

Cookies & Tracking

RSK.Systems uses a minimal set of cookies strictly necessary for platform functionality and security. We do not use third-party advertising cookies, cross-site tracking pixels, or behavioral profiling technologies.

  • Session Cookies: Essential cookies that maintain your authenticated session while using the platform. Expire when you close your browser or log out. Cannot be disabled without breaking core platform functionality.
  • Security Tokens: CSRF protection tokens and anti-replay tokens used to prevent common web attacks. Expire after each request and are rotated automatically.
  • Preference Cookies: Optional cookies that remember your display preferences (e.g., map view settings). Can be cleared at any time without impacting core functionality.

No third-party analytics platforms (Google Analytics, Mixpanel, etc.) are loaded on the RSK.Systems platform. Internal analytics are conducted using server-side log analysis on anonymized data only.

Section IX

International Transfers

RSK.Systems is an American company. Our primary infrastructure is located within the continental United States. Personal data collected by RSK.Systems is processed and stored within U.S. data centers operated by approved infrastructure providers.

  • Data is not routinely transferred to servers outside the United States. In limited circumstances where operational resilience requires geographic redundancy, backup data may be stored in approved U.S. territory or allied-nation data centers under equivalent security controls.
  • Any international transfer of personal data from users in jurisdictions with specific data transfer requirements (such as the EU/EEA) is conducted pursuant to applicable Standard Contractual Clauses or equivalent approved transfer mechanisms.
  • RSK.Systems does not transfer personal data to countries lacking adequate data protection frameworks without explicit contractual safeguards.
Section X

Privacy Contact

For all privacy-related inquiries, requests, and complaints, contact the RSK.Systems Privacy Office directly. We do not use automated ticketing systems — your message is received by a human member of our operations team.

⊕ Privacy Office

Email: info@rsk.systems · Subject line: "Privacy Inquiry" · Response time: 48 business hours · All communications treated with operational discretion.

  • For data subject rights requests, include your full name, organizational email on file, the specific right you wish to exercise, and any relevant details about the data in question.
  • For security vulnerability reports, use subject line "Security Disclosure" and include a technical description of the issue. We commit to 24-hour acknowledgment and responsible remediation timelines.
  • For complaints about our data handling practices, we request initial contact to allow us the opportunity to resolve the issue directly before escalation to regulatory authorities.

Document ID: RSK-PRIV-002 · Version 3.0 · © 2026 RSK.Systems™ · All Rights Reserved

Privacy is Not a Feature.
It's a Foundation.

Questions about how we handle your data? Our privacy team responds to every inquiry directly — no bots, no queues, no delays beyond 48 hours.

⇢ Contact Privacy Team View Terms of Use