Privacy by Design Policy

Sovereign Shield Platform & StructuralIntel.org Website

Last Updated: April 5, 2026

This document constitutes the official Privacy by Design Policy of StructuralIntel.org Inc. It governs two distinct operating environments: (1) the Sovereign Shield Platform Application, which operates under a Near Zero-Data Architecture; and (2) the StructuralIntel.org Website, which operates under a user-controlled consent model. Each environment is governed by a separate privacy model, as described below.

Privacy is not promised here. It is engineered.

PART 1: SOVEREIGN SHIELD PLATFORM — APPLICATION PRIVACY POLICY

The Sovereign Shield Platform is built on a strict Near Zero-Data Architecture and fully adheres to the seven foundational principles of Privacy by Design. The Application is engineered so that personal identifiers never enter, pass through, or become accessible to the system. Privacy is enforced at the architectural level, by design and by default. Each individual platform, fully sovereign and licensable individually, will each have their own Privacy Policies.

1. Redaction of Personal Information

The Application redacts the collection, processing, storing, transmitting, or retaining of personally identifiable information There is nothing to breach, extract, or misuse.

2. Source-Level PII Stripping

We strive to redact PII before ingestion, at the point of origin. Therefore, No identifiable data ever enters the Application under any operational condition, including:

• Names and addresses

• Email addresses and phone numbers

• Social Security numbers, credit card numbers, and government-issued identifiers

• License plate numbers

• PII embedded within unstructured text fields, notes, or free-form data entries

3. Token Model

Following source-level stripping, the Application retains only:

• Non-reversible cryptographic tokens

• Non-reversible aggregates

• Structural metadata that will be highly difficult to be linked to any individual

No re-identification of any individual is technically possible, in theory, from retained token data. The Application cannot request, retrieve, or read CRM data or live identifiers from any third-party system or the system will be voided.

4. Scope of Service — Redaction Service Provider

StructuralIntel.org Inc. operates exclusively as a data redaction service provider. The Platform's responsibility and liability are strictly limited to the performance of redaction functions within the defined ingestion boundary established at client onboarding.

StructuralIntel.org Inc. is not the data controller, data custodian, or system architect of the client's broader data environment. The client retains full responsibility for data governance, system configuration, and access controls outside the Platform's sovereign boundary.

StructuralIntel.org Inc. does not warrant or guarantee any specific outcome. The Sovereign Shield Platform is architecturally designed to redact all PII within its defined ingestion boundary. Independent production testing has demonstrated a 100% redaction result across 500,000 records processed under controlled conditions. This result reflects system performance within a defined sovereign boundary and does not constitute a warranty or guarantee of any specific outcome in any client deployment. StructuralIntel.org Inc. expressly disclaims liability for PII exposure resulting from external vectors outside the Platform's documented sovereign boundary, including but not limited to user-initiated API connections, third-party integrations, email-borne data ingestion paths, or system configurations introduced by the client outside the Platform's architecture.

5. No Retention / No Surveillance

The Application includes no profiling, no logging of user identity, and no persistent identifiers. Analytics, where present, are aggregate and non-identifiable, used solely to support client business operations. There is nothing to breach, extract, or misuse.

6. No Sale or Monetization of Data

Sovereign Shield Platform. does not sell, trade, or monetize user data in any form. User browsing activity is not used for advertising or profiling purposes.

We do not sell your personal information. California residents may exercise their right to opt-out of 'sharing' (targeting) via our Usercentrics consent banner.

7. Transparency and Auditability

The Application is designed to align with or exceed the requirements of the following frameworks:

• Privacy by Design — All 7 Foundational Principles

• NIST Privacy Framework

• OECD Privacy Guidelines

• GDPR Data Protection by Design and by Default

• GDPR Data Minimization Standard (exceeded)

• CCPA / CPRA Core Requirements

• HIPAA Safe Harbor De-identification Standard

• Municipal Public-Record Minimization Standards

8. Client-Specific Sovereign Boundary Agreement

At onboarding, StructuralIntel.org Inc. and the client jointly define and document the sovereign boundary — the specific endpoints, ingestion paths, and integration points through which the Platform's redaction service applies. This boundary definition constitutes the scope of StructuralIntel.org Inc.'s service obligation.

Any data pathway, endpoint, or integration point outside the documented boundary remains the sole responsibility of the client. StructuralIntel.org Inc. is not liable for PII exposure occurring through undeclared, unauthorized, or client-modified pathways.

The client is responsible for:

• Notifying StructuralIntel.org Inc. of any changes to their data environment

• Maintaining accurate and current endpoint documentation

• Ensuring all active data pathways are included in the boundary agreement

StructuralIntel.org Inc. will provide reasonable support to update boundary definitions as the client's environment evolves. The sovereign boundary agreement is a living document, reviewed and updated as required.

Conclusion: The StructuralIntel OS™ enforces privacy at the architectural level. Privacy is not promised — it is engineered. The Application is structurally incapable of retaining or processing personal data beyond its defined sovereign boundary.

9. Right to Erasure (Right to be Forgotten) We fully recognize and support the data subject's right to request the deletion of their personal information under GDPR (Art. 17), CCPA, and other applicable laws. Because our Near Zero-Data Architecture is engineered to redact and incinerate PII at the point of ingestion, we typically hold no identifiable data to delete. However, if a user believes any identifiable information has persisted within our sovereign boundary, they may submit a formal deletion request to admin@structuralintel.org. We will respond to and fulfill all valid erasure requests within the legally required timeframe.

10. Payment Security & PCI Compliance All financial transactions on StructuralIntel.org are processed through Stripe, a global leader in secure payment infrastructure. StructuralIntel.org Inc. does not store, transmit, or have access to your full credit card numbers or CVV codes. All payment data is encrypted and handled directly by Stripe in compliance with PCI-DSS (Payment Card Industry Data Security Standard). Your billing information is used solely for transaction processing and recurring subscription management as authorized by you.

11. Children- StructuralIntel.org is not intended for users under 18 (or 16 in the EU). We do not knowingly collect data from children

12. Data Breach - In the event of a documented data breach within our sovereign boundary, we will notify affected parties and relevant authorities within 72 hours, in accordance with applicable law.

13. Reasonable Accommodation: StructuralIntel.org Inc. is committed to accessibility and the rights of individuals with disabilities. We provide reasonable accommodations for all users and clients in accordance with the Americans with Disabilities Act (ADA) and applicable state laws. For accommodation requests, contact admin@structuralintel.org.

14. Third-Party Service Transparency

Because the Website is self hosted (only where consented), all third-party service providers are disclosed via the consent banner. No service activates without explicit user opt-in. Users remain in control at all times.

StructuralIntel.org Inc. maintains active Data Processing Agreements (DPAs) with all third-party sub-processors to ensure data is handled according to the standards defined in this policy

PART 2: STRUCTURALINTEL.ORG WEBSITE — PRIVACY POLICY

The StructuralIntel.org website operates under a separate privacy model from the Sovereign Shield Platform Application. The Website uses a user-controlled consent model supported by the Usercentrics Consent Management Platform. This section applies to the Website only.

Note: The Website is currently hosted on Wix, which utilizes standard industry tracking tools outside of StructuralIntel.org Inc.'s direct control. We have taken extraordinary technical steps to harden this site and minimize data footprint. Full sovereign hosting is planned as platform development progresses.

1. User-Controlled Consent

The Website uses Usercentrics to ensure:

• No cookies load until the user provides explicit consent

• No analytics run without explicit opt-in

• No third-party scripts activate automatically

• All data categories can be individually toggled by the user

• Users may withdraw consent at any time with immediate effect

2. Full Transparency

Users are fully informed of:

• What each cookie or script does

• What data it may collect

• Who provides the tool (e.g., Wix, Google)

• Why the tool is used

3. Data Minimization

The Website collects only what users explicitly authorize. If consent is withheld, no data is collected, no tracking occurs, and no optional services load.

4. Respect for User Intent

Consent may be accepted, rejected, partially accepted, or withdrawn at any time. All changes take effect immediately. StructuralIntel.org Inc. does not override, bypass, or delay user consent choices.

5. No Sale or Monetization of Data

StructuralIntel.org Inc. does not sell, trade, or monetize user data in any form. User browsing activity is not used for advertising or profiling purposes.

We do not sell your personal information. California residents may exercise their right to opt-out of 'sharing' (targeting) via our Usercentrics consent banner.

6. Third-Party Service Transparency

Because the Website is hosted on Wix and may utilize optional integrations such as Google Analytics (only where consented), all third-party service providers are disclosed via the consent banner. No service activates without explicit user opt-in. Users remain in control at all times.

StructuralIntel.org Inc. maintains active Data Processing Agreements (DPAs) with all third-party sub-processors to ensure data is handled according to the standards defined in this policy

7. Separation from Application Data

No data collected on the Website is connected to, shared with, or used by the Sovereign Shield Platform Application. The two environments operate under completely separate data models with no shared data pathways

8. Data Deletion Requests

If you have provided information through a Website form or AI chatbot interaction and wish to have it deleted, contact us at admin@structuralintel.org. We will honor all deletion requests to the extent permitted by law. AI chat interactions may be forwarded to us by email for follow-up purposes only and are never sold or shared.

Conclusion: The StructuralIntel.org Website implements Privacy by Design through user-controlled consent, full transparency, and strict data minimization. Users control what data is shared — if any. The Website maintains a complete and permanent separation from the zero-data Sovereign Shield Platform Application.

8. Right to Erasure & Data Deletion Requests Users of the StructuralIntel.org Website have the absolute right to request the deletion of any personal data collected through website forms, chatbot interactions, or consented analytics. To exercise your Right to Erasure, please contact us at admin@structuralintel.org. We will permanently delete all requested records from our website hosting and communication logs immediately upon verification, in full compliance with global privacy standards.

Section 9: Updated Data Access Transparency Table — StructuralIntg

Data Category Access Provider Purpose of Access User Control

Site Hosting Wix.com Core website hosting & infrastructure Mandatory for site load

Security & CDN Cloudflare Global DDoS protection & WAF security Mandatory for site safety

Site Integrity Google Search Email/website/browser security & health Mandatory for security

Console

Consent Usercentrics Managing & recording privacy choices Mandatory for compliance

Management

Analytics Google Analytics Monitoring site traffic patterns Opt-in only via banner

Targeted Ads Google Ads Marketing tracking & conversion cookies Opt-in only via banner

Social Ads Meta Social media marketing & retargeting Opt-in only via banner

(FB/Instagram)

Logic Flows Mautic Sovereign automation & messaging logic Opt-in / opt-out only

(Self-Hosted)

SMS Delivery Twilio Infrastructure for message transmission Standard "STOP" to end

We do not sell your personal information. California residents may exercise their right to opt-out of 'sharing' (targeting) via our Usercentrics consent banner.

11. Children- StructuralIntel.org is not intended for users under 18 (or 16 in the EU). We do not knowingly collect data from children

12. Data Breach - In the event of a documented data breach within our sovereign boundary, we will notify affected parties and relevant authorities within 72 hours, in accordance with applicable law.

CERTIFICATION

This Privacy by Design Policy accurately reflects the architectural and operational privacy practices of StructuralIntel.org Inc. as of the date stated above. This document will be reviewed and updated whenever material changes occur to the Platform, Website, or applicable legal requirements. The date of last update will always reflect the most current version.

Fred Laurenzo

CEO & Inventor

StructuralIntel.org Inc. | Rochester, Minnesota

admin@structuralintel.org

April 5, 2026