EU AI Act Article 50 — 20 days to seal |
Get passport
Privacy Policy
Last updated: 5 July 2026 · CSOAI Ltd (Companies House 16939677) · GDPR COMPLIANT UK GDPR COMPLIANT DEFENCE-GRADE
DEFONEOS is a sovereign-first platform. All data processing occurs on infrastructure you control. DEFONEOS can operate fully air-gapped with zero external data transmission. This policy covers the open-source software, the hosted enterprise tier, and government deployments.
1. Data Controller
CSOAI Ltd is the data controller for the DEFONEOS platform (open source, hosted enterprise, and government tiers).
- Company: CSOAI Ltd
- Companies House: 16939677
- Registered Office: London, United Kingdom
- R&D: Yorkshire, United Kingdom
- Data Protection Officer: Available on request (required for large-scale processing)
2. Data We Process
2.1 Open Source Tier (Free)
The open-source DEFONEOS software processes data entirely on your infrastructure. CSOAI Ltd does not receive any data from open-source deployments. The software itself may process:
- Sensor data: Satellite imagery, AIS positions, weather feeds, air quality, IoT telemetry — processed locally on your hardware
- Operational data: Unit positions, sensor readings, ISR pipeline outputs — stored in your local database
- System logs: SIGIL chain entries (Ed25519-signed audit records) — stored locally, immutable
2.2 Enterprise/Hosted Tier
For customers using CSOAI-hosted DEFONEOS infrastructure, we process:
| Data Category | Purpose | Examples |
| Account data | Provisioning & billing | Name, email, role, org |
| Authentication | Access control | Username, hashed password, MFA token |
| Usage telemetry | Service improvement | MCP call counts, latency metrics, error rates |
| SIGIL audit logs | Compliance proof | Ed25519-signed action records |
| Deployment config | Service operation | MCP server configs, BFT council settings |
2.3 Government/MOD Tier
Government deployments are sovereign and air-gapped. No data leaves the government network. CSOAI Ltd provides software and support but does not process government data. All processing occurs on Crown infrastructure.
3. Lawful Basis for Processing
| GDPR Basis | When Applied |
| Contract (Art 6(1)(b)) | Enterprise/hosted tier account provisioning and service delivery |
| Legal obligation (Art 6(1)(c)) | SIGIL audit retention, JSP 440/936 compliance records |
| Legitimate interests (Art 6(1)(f)) | Service telemetry, security monitoring, fraud prevention |
| Vital interests (Art 6(1)(d)) | Emergency response integrations (medevac, disaster response) |
| Public task (Art 6(1)(e)) | Government deployments under Crown authority |
4. Data Sovereignty Guarantees
DEFONEOS is architected for absolute data sovereignty:
- Air-gap operation: Full 30-MCP sensor suite, BFT council, ISR pipeline, and Cesium globe run on local hardware (Jetson Orin, Raspberry Pi, rack server). No internet required.
- No cloud dependency: Open-source tier has zero external calls. No telemetry, no phone-home, no analytics.
- SIGIL chain integrity: Every data access, AI decision, and system action is Ed25519-signed and hash-chained. Tampering is mathematically detectable.
- Geographic sovereignty: Enterprise tier can be deployed in UK-only, EU-only, or any sovereign region. No cross-border data flow without explicit configuration.
- Right to erase: Data deletion triggers SIGIL tombstone entries. Deletion is provable on the audit chain.
5. Retention & Deletion
| Data Type | Retention Period | Basis |
| Account data | Duration of contract + 30 days | Contract |
| SIGIL audit logs | 7 years minimum | JSP 440 / legal obligation |
| Billing records | 7 years | HMRC / Companies Act |
| Usage telemetry | 90 days | Legitimate interest |
| Authentication tokens | Session duration | Security |
| Open source data | User-controlled | N/A (your infrastructure) |
6. Data Sharing & Third Parties
DEFONEOS does not sell data. We do not share data with advertisers, data brokers, or third parties for commercial gain.
Data may be shared with:
- Cloud providers: Only for enterprise-hosted tier (customer-selected region). DPA in place.
- Legal authorities: Only under court order or statutory obligation. SIGIL-audited.
- Sub-processors: Listed in our DPA. Customer must approve before activation.
7. Your Rights Under GDPR
- Right of access (Art 15): Request a copy of all data we hold about you
- Right to rectification (Art 16): Correct inaccurate data
- Right to erasure (Art 17): "Right to be forgotten" — triggers SIGIL tombstone
- Right to restrict processing (Art 18): Limit processing temporarily
- Right to data portability (Art 20): Export your data in machine-readable format
- Right to object (Art 21): Object to processing based on legitimate interests
- Right not to be subject to automated decision-making (Art 22): See Section 9 below
To exercise any right, contact the Data Protection Officer. Response within 30 days (GDPR requirement).
8. SIGIL Audit Chain
DEFONEOS uses an Ed25519-signed hash chain for all data access events. This provides cryptographic proof of every data interaction — who accessed what, when, and what they did with it. The chain is:
- Immutable: Each entry is hash-linked to the previous. Tampering breaks the chain.
- Verifiable: Any third-party auditor can verify chain integrity using public keys.
- Ed25519-signed: Each agent, user, and system has a unique keypair. Actions are attributed.
- BFT-governed: The 33-node council validates critical data operations before execution.
9. AI Processing & Article 22 (Automated Decisions)
DEFONEOS includes AI capabilities (ISR pipeline, threat detection, ISR correlation, intuition engine). Under GDPR Article 22:
- No solely automated legal/significant decisions: DEFONEOS AI provides recommendations to human operators. Final decisions are made by authorised personnel.
- BFT council gate: Critical actions require 2/3 majority from the 33-node BFT council. This is a human-configurable threshold.
- Full audit trail: Every AI recommendation is logged with model version, input data, confidence score, and human override decision.
- Explainability: DEFONEOS provides decision rationale for all AI outputs. See ISR Pipeline.
10. Security Measures
- Post-Quantum Cryptography: ML-DSA-65 (Dilithium) + ML-KEM-768 (Kyber) — NIST PQC standards
- Zero Trust Architecture: Every request authenticated and authorised
- Ed25519 signatures: All inter-agent communications cryptographically signed
- Air-gap capability: Full offline operation for classified environments
- JSP 440 alignment: Manual handling controls mapped
- STRIDE threat model: Continuous threat modelling across all components
- Cyber Essentials: Application in progress (mandatory MOD baseline)
See Security Architecture for full details.
11. International Transfers
Default: No international transfers. The open-source tier operates entirely on your infrastructure. The enterprise tier can be configured for UK-only, EU-only, or any sovereign region.
Where international transfers are explicitly configured (e.g., NATO allied deployment), appropriate safeguards are in place: Standard Contractual Clauses (SCCs), adequacy decisions, or sovereign-to-sovereign agreements.
12. Children's Data
DEFONEOS is a defence and public services platform. We do not knowingly process children's data. The platform is not directed at individuals under 18.
13. Changes to This Policy
This policy may be updated as DEFONEOS evolves. Material changes will be announced via the SIGIL chain and this page. The "Last updated" date above reflects the most recent revision.
Data Protection Officer: Available via Contact Page
ICO (UK): ico.org.uk — UK supervisory authority
Lead EU Authority: Determined per customer jurisdiction
Complaints: You have the right to lodge a complaint with the ICO or your local data protection authority.
🐉 DEFONEOS — Sovereign Data. British Infrastructure. Forever.
CSOAI Ltd · Companies House 16939677 · GDPR · UK GDPR · JSP 440 · JSP 936