Your Data, Your Control
Data Governance & Privacy Framework for Enterprise Construction
Version: 1.0
Published: January 2026
Classification: Public
Document Type: Trust & Security Whitepaper
Executive Summary
The Concern:
Enterprise customers rightfully ask: "Who owns our data?" In an age where AI capabilities often come at the cost of data privacy, and where some technology vendors monetize customer information without explicit consent, these concerns have become barriers to construction technology adoption. The fears are legitimate: data used to train models that help competitors, proprietary pricing leaked through aggregated benchmarks, and vendor lock-in through data hostage tactics.
Our Commitment:
Your data belongs to you. Period.
We are stewards, not owners. We NEVER train AI models on your data for other customers. We NEVER sell or share your data. You can take your data and leave at any time.
What This Paper Covers:
- Data ownership principles and contractual guarantees
- Multi-tenant data architecture and isolation mechanisms
- AI and your data: explicit policies on what we do and do not do
- Data retention and your absolute right to delete
- Third-party data sharing policies
- Privacy compliance (GDPR, CCPA, and beyond)
- Data portability and exit rights
- Certifications and third-party validation
Bottom Line:
We built MuVeraAI to be the platform you can trust with your most sensitive project data. These are not marketing promises - they are contractual guarantees with legal enforceability.
Table of Contents
- Section 1: Data Ownership Principles
- Section 2: Data Architecture - Built for Isolation
- Section 3: AI and Your Data
- Section 4: Data Retention & Your Right to Delete
- Section 5: Third-Party Data Sharing
- Section 6: Privacy Compliance Framework
- Section 7: Data Portability & Exit Rights
  - 7.1 No Vendor Lock-In
  - 7.2 Export Capabilities
  - 7.3 Export Process
  - 7.4 Transition Support
- Section 8: Certifications & Third-Party Validation
- Conclusion & Commitment
- Appendices
Section 1: Data Ownership Principles
1.1 The Fundamental Question
"Who owns my data?"
This is the right question to ask. In fact, we believe every enterprise should ask this question of every technology vendor, every time. The construction industry has witnessed decades of unclear data practices: vendors who treat customer data as their own asset, platforms that hold data hostage during contract negotiations, and increasingly, AI providers who train their models on customer information without meaningful consent.
The construction industry faces unique data sensitivity concerns:
- Proprietary Pricing and Estimation Data: Your cost databases represent decades of accumulated knowledge - labor productivity rates, material pricing relationships, subcontractor performance data. This is competitive intelligence that would directly benefit rivals if exposed.
- Competitive Bid Information: Project pipelines, bid strategies, win/loss patterns, and pricing approaches are among the most closely guarded secrets in construction.
- Safety Records and Incident Reports: Beyond the obvious privacy concerns for workers involved in incidents, safety data patterns reveal operational insights and could impact insurance premiums and client relationships.
- Client Relationships and Project Pipelines: Information about which owners you work with, upcoming projects in your pipeline, and relationship dynamics is strategically sensitive.
- Worker Personal Information: Social security numbers, immigration documentation, certification records, and health information for potentially thousands of workers across your projects.
In construction, your data IS your competitive advantage. Cost databases, productivity metrics, estimation models, client relationships - this is proprietary intelligence built over decades. You should be rigorous about who has access to it.
1.2 Our Data Ownership Principles
We have established six foundational principles that govern every aspect of how we handle your data. These principles are non-negotiable and apply uniformly to all customers.
| Principle | Our Commitment |
|-----------|----------------|
| 1. Ownership | You own all data you input, generate, and derive on our platform. We claim no ownership rights whatsoever. |
| 2. Stewardship | We are custodians of your data, not owners. We hold it in trust for your benefit only. |
| 3. Non-Exploitation | We will NEVER sell, license, monetize, or derive revenue from your data in any way. |
| 4. Non-Training | We will NEVER use your data to train AI models that benefit other customers or our general products. |
| 5. Portability | You can export ALL your data at any time, in standard formats, at no additional cost. |
| 6. Deletion | You can request complete deletion of all your data at any time, and we will comply fully. |

```
THE SIX PRINCIPLES OF DATA TRUST
================================

   [OWNERSHIP]         [STEWARDSHIP]       [NON-EXPLOITATION]
        |                    |                     |
   Your data is         We hold your          We never sell,
   always yours         data in trust         license, or
                                              monetize
        |                    |                     |
   ============================================================
                             |
                         YOUR DATA
                             |
   ============================================================
        |                    |                     |
   [NON-TRAINING]       [PORTABILITY]          [DELETION]
        |                    |                     |
   Never used to        Export all,           Complete removal
   train AI for         any time,             on request
   others               free
```
1.3 Contractual Guarantees
These principles are not marketing statements. They are contractual obligations.
Data Processing Agreement (DPA) Provisions:
Every customer receives a comprehensive Data Processing Agreement that explicitly codifies:
- Your status as the Data Controller (you determine the purposes and means of processing)
- Our status as a Data Processor (we process only on your instructions)
- Explicit prohibitions on unauthorized use of your data
- Technical and organizational measures we implement to protect your data
- Sub-processor management and notification obligations
- Audit rights and evidence provisions
- Data breach notification procedures
- Data return and deletion obligations upon contract termination
Master Service Agreement (MSA) Language:
The MSA reinforces these principles through:
- Clear intellectual property provisions confirming your ownership of all customer data
- Explicit restrictions on our use of customer data
- Confidentiality obligations that survive contract termination
- Liability provisions if we breach these commitments
What Happens If We Violate These Terms:
Our contracts include meaningful remedies:
- Immediate breach notification obligations
- Your right to terminate for material breach
- Liability for damages resulting from unauthorized data use
- Indemnification for third-party claims arising from our breach
- Specific performance obligations for data return and deletion
We put these principles in the contract, not just the marketing materials. If we violate them, you have legal recourse.
Section 2: Data Architecture - Built for Isolation
2.1 Multi-Tenant Architecture Overview
Multi-tenancy - serving multiple customers from shared infrastructure - is the standard architecture for modern SaaS platforms. It provides cost efficiency and enables rapid feature delivery. However, multi-tenancy requires careful design to ensure that one customer's data can never be accessed by another customer.
Our architecture was designed from the ground up with data isolation as a core requirement, not an afterthought. Every layer of our system enforces tenant boundaries.
```
MUVERAAI MULTI-TENANT DATA ARCHITECTURE
========================================

      Firm A                  Firm B                  Firm C
        |                       |                       |
        v                       v                       v
 [Tenant A Context]      [Tenant B Context]      [Tenant C Context]
        |                       |                       |
   [Auth Token]            [Auth Token]            [Auth Token]
  [Tenant ID: A]          [Tenant ID: B]          [Tenant ID: C]
        |                       |                       |
        +-----------------------+-----------------------+
                                |
                                v
                   +-------------------------+
                   |       API GATEWAY       |
                   |  - Token Validation     |
                   |  - Tenant Extraction    |
                   |  - Rate Limiting        |
                   +------------+------------+
                                |
                                v
                   +-------------------------+
                   |    APPLICATION LAYER    |
                   |  - Tenant Context       |
                   |  - Business Logic       |
                   |  - Every Query Scoped   |
                   +------------+------------+
                                |
          +------------+--------+-----+------------+
          |            |              |            |
          v            v              v            v
     [Tenant A     [Tenant B     [Tenant C     [Shared
      Schema]       Schema]       Schema]       Config
          |            |              |          Only]
          v            v              v
      Encrypted    Encrypted      Encrypted
      at Rest      at Rest        at Rest
      (AES-256)    (AES-256)      (AES-256)
          |            |              |
          v            v              v
     [Tenant A     [Tenant B     [Tenant C
      KMS Key]      KMS Key]      KMS Key]
```
Why Construction Firms Need Strict Isolation:
The consequences of data leakage between tenants are severe in construction:
- Competitive Exposure: If a competitor sees your cost data, they gain unfair advantage in competitive bids
- Client Confidentiality Breach: Exposing one owner's project information to another could violate NDAs and damage relationships
- Regulatory Liability: Worker personal information is protected by numerous regulations
- Professional Liability: Architectural and engineering data carries professional responsibility
2.2 Data Isolation Mechanisms
We implement five distinct layers of isolation, each providing defense-in-depth:
| Layer | Mechanism | What It Prevents |
|-------|-----------|------------------|
| 1. Logical | Tenant ID on every record | Data query leakage - no record can be retrieved without tenant context |
| 2. Application | Tenant context in every request | Application-level access - middleware enforces tenant boundaries |
| 3. API | Authentication + tenant verification | Unauthorized API access - tokens are tenant-scoped |
| 4. Database | Row-level security, schema separation | Database-level access - queries physically cannot return cross-tenant data |
| 5. Infrastructure | Network segmentation, dedicated resources (enterprise) | Infrastructure-level access - network isolation prevents lateral movement |
Technical Implementation Details:
Logical Isolation:
- Every table in our database includes a `tenant_id` column
- A PostgreSQL Row-Level Security (RLS) policy is applied to every table
- The RLS policy references the current session's tenant context
- Queries cannot physically return rows for other tenants, even if application code has a bug
Application Isolation:
- Every HTTP request passes through middleware that extracts and validates tenant context
- The tenant context is propagated through all service calls
- Every database query includes a mandatory tenant filter
- We run static analysis to detect any query that might bypass tenant filtering
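As an added example (not MuVeraAI's own code), the logical and application isolation mechanisms described above expressed as PostgreSQL DDL: a `tenant_id` column, a forced row-level security policy keyed on a per-transaction session setting, and a catalog query of the kind a static check could run to find tables that have a `tenant_id` column but no enforced policy. The table, role and setting names (`projects`, `app_user`, `app.current_tenant`) are assumptions for illustration.

```sql
-- Added example, not the platform's own schema. Names are assumptions.

-- The application connects as a non-superuser role. Superusers and roles
-- with BYPASSRLS ignore policies, so the app role must have neither.
CREATE ROLE app_user LOGIN NOBYPASSRLS PASSWORD 'placeholder-change-me';

CREATE TABLE projects (
    id         bigserial PRIMARY KEY,
    tenant_id  uuid NOT NULL,           -- present on every table
    name       text NOT NULL,
    budget_usd numeric(14,2)
);
CREATE INDEX ON projects (tenant_id);   -- the RLS predicate must stay cheap

GRANT SELECT, INSERT, UPDATE, DELETE ON projects TO app_user;
GRANT USAGE, SELECT ON SEQUENCE projects_id_seq TO app_user;

-- ENABLE applies RLS to other roles; FORCE applies it to the table owner
-- as well, so an owner-level connection cannot bypass the policy either.
ALTER TABLE projects ENABLE ROW LEVEL SECURITY;
ALTER TABLE projects FORCE ROW LEVEL SECURITY;

-- The policy reads the tenant from a session setting that request
-- middleware sets. current_setting(..., true) returns NULL when the setting
-- was never set, and '' when it was set in an earlier transaction; NULLIF
-- maps both to NULL, and NULL::uuid matches no row, so a request that
-- forgot its tenant context sees zero rows rather than every tenant's rows.
CREATE POLICY tenant_isolation ON projects
    USING      (tenant_id = NULLIF(current_setting('app.current_tenant', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.current_tenant', true), '')::uuid);

-- Constructed sample rows for two tenants.
INSERT INTO projects (tenant_id, name, budget_usd) VALUES
    ('11111111-1111-1111-1111-111111111111', 'Firm A - Hospital wing',   42000000),
    ('22222222-2222-2222-2222-222222222222', 'Firm B - Bridge retrofit', 17500000);

-- Per-request pattern: middleware opens a transaction and uses SET LOCAL so
-- the tenant context ends with the transaction and cannot leak to the next
-- request served on the same pooled connection.
SET ROLE app_user;
BEGIN;
SET LOCAL app.current_tenant = '11111111-1111-1111-1111-111111111111';

-- A correct query: explicit tenant filter in addition to RLS.
SELECT name FROM projects
 WHERE tenant_id = current_setting('app.current_tenant')::uuid;

-- A buggy query that omits the tenant filter still returns only Firm A's
-- row, because the policy predicate is appended to every statement.
SELECT name FROM projects;

-- Writing a row labelled with another tenant is rejected by WITH CHECK,
-- which aborts the transaction; the ROLLBACK below ends it cleanly.
INSERT INTO projects (tenant_id, name)
VALUES ('22222222-2222-2222-2222-222222222222', 'mislabelled');
ROLLBACK;
RESET ROLE;

-- Coverage check for the static-analysis step: list every ordinary table
-- in the public schema that has a tenant_id column but either has RLS
-- disabled, not forced, or has no policy attached at all.
SELECT c.relname,
       c.relrowsecurity      AS rls_enabled,
       c.relforcerowsecurity AS rls_forced
  FROM pg_class c
  JOIN pg_namespace n ON n.oid = c.relnamespace
  JOIN pg_attribute a ON a.attrelid = c.oid
                     AND a.attname = 'tenant_id'
                     AND a.attnum > 0 AND NOT a.attisdropped
 WHERE c.relkind = 'r' AND n.nspname = 'public'
   AND (NOT c.relrowsecurity
        OR NOT c.relforcerowsecurity
        OR NOT EXISTS (SELECT 1 FROM pg_policy p WHERE p.polrelid = c.oid));
```

Run as a superuser in a scratch database; the final query returning no rows is the condition a deployment gate would assert before allowing a schema migration.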
API Isolation:
- JWT tokens include encrypted tenant claims
- Token validation confirms the requesting user belongs to the claimed tenant
- Rate limiting is applied per-tenant to prevent resource exhaustion attacks
- API keys are scoped to specific tenants and cannot be used cross-tenant
Database Isolation:
- For standard deployments: schema-level separation with RLS
- For enterprise deployments: dedicated database instances available
- All database connections use tenant-specific credentials where possible
- Database audit logging captures all access attempts
Infrastructure Isolation:
- Network security groups restrict traffic between services
- Secrets are stored per-tenant in HashiCorp Vault
- Enterprise customers can opt for dedicated compute resources
- We support data residency requirements (keep data in specific regions)
2.3 Encryption at Every Layer
Your data is encrypted in every state:
| State | Encryption | Scope | Implementation |
|-------|------------|-------|----------------|
| In Transit | TLS 1.3 | All API communications | All HTTP traffic is HTTPS; we enforce HSTS and reject downgrade attempts |
| At Rest | AES-256 | All database storage | Database-level encryption using cloud KMS integration |
| Backups | AES-256 | All backup archives | Backups are encrypted before leaving the database server |
| Application | Field-level encryption | Sensitive fields (SSN, financials) | Additional encryption for PII using application-managed keys |
Key Management:
We use industry-standard key management services with comprehensive controls:
- Key Storage: AWS KMS, Azure Key Vault, or GCP Cloud KMS depending on deployment
- Customer-Managed Keys: Enterprise customers can bring their own keys (BYOK), maintaining exclusive control
- Key Rotation: Automatic rotation policies ensure keys are regularly refreshed
- HSM Backing: Master keys are protected by hardware security modules (FIPS 140-2 Level 3)
- Key Access Logging: Every key usage is logged and auditable
```
ENCRYPTION ARCHITECTURE
=======================

       [Your Data]
            |
            v
   +--------------------+
   |      TLS 1.3       |  <-- In Transit
   |   (All Traffic)    |
   +--------------------+
            |
            v
   +--------------------+
   |    Field-Level     |  <-- Application Layer
   |     Encryption     |      (Sensitive Fields)
   |   (AES-256-GCM)    |
   +--------------------+
            |
            v
   +--------------------+
   |      Database      |  <-- At Rest
   |     Encryption     |
   |     (AES-256)      |
   +--------------------+
            |
            v
   +--------------------+
   |       Backup       |  <-- Archival
   |     Encryption     |
   |     (AES-256)      |
   +--------------------+
            |
            v
   +--------------------+
   |      KMS/HSM       |  <-- Key Protection
   |  (FIPS 140-2 L3)   |
   +--------------------+
```
2.4 Access Control
Access to your data is governed by comprehensive controls following the principle of least privilege:
Role-Based Access Control (RBAC):
- Predefined roles (Administrator, Project Manager, Field Engineer, etc.) with appropriate permissions
- Roles are assigned at the organization, project, or resource level
- Role inheritance follows a secure hierarchy
Attribute-Based Access Control (ABAC):
- Fine-grained permissions based on user attributes, resource attributes, and context
- Example: "A Safety Manager can view safety incidents only for projects in their region"
- Policies are defined declaratively and enforced consistently
Access Control Hierarchy:
```
ACCESS CONTROL HIERARCHY
========================

Organization Level
  |
  +-- Organization Administrators (full access within org)
  |
  +-- Project Level
        |
        +-- Project Managers (full project access)
        |
        +-- Project Members (role-based access)
        |
        +-- Document Level
              |
              +-- Document Owners (full document access)
              |
              +-- Document Viewers (read-only)
              |
              +-- Restricted Documents (explicit grant required)
```
MuVeraAI Employee Access:
- Our employees do not have standing access to customer data
- Support access requires explicit authorization from our security team
- All support access is logged with full audit trail
- Support sessions can be time-limited (just-in-time access)
- Enterprise customers can require approval before we access their data
Section 3: AI and Your Data - What We Do and DON'T Do
3.1 The AI Data Concern
The rise of AI has made data concerns more acute than ever. The question is no longer just "who can see my data?" but "is my data being used to train AI models that could benefit my competitors?"
This concern is legitimate. Some AI providers explicitly state that they train on customer data to improve their models. Others are ambiguous about their practices. In the construction industry, the implications are significant:
- Your cost data trained into a general model could help competitors bid more accurately against you
- Your safety patterns could reveal operational insights you have spent years developing
- Your project data could expose client relationships and business strategies
- Your estimation approaches could be learned and replicated by others
In the age of AI, data concerns are legitimate. Some AI providers DO train on customer data, improving their models at your expense, potentially benefiting your competitors. We take a fundamentally different approach.
3.2 What We NEVER Do With Your Data
We maintain explicit, non-negotiable prohibitions on how your data is used:
| Practice | Our Policy |
|----------|------------|
| Train general AI models | NEVER. Your data is never used to train models that serve other customers. |
| Sell data to third parties | NEVER. We do not sell, license, or monetize your data in any form. |
| Share with competitors | NEVER. Your data is never visible to or shared with any other customer. |
| Use for benchmarking | NEVER without explicit opt-in. We do not include your data in industry benchmarks unless you specifically consent. |
| Mine for insights to sell | NEVER. We do not analyze your data to create market intelligence products. |
| Allow AI provider training | NEVER. Our contracts with AI providers explicitly prohibit training on your data. |
What about the AI providers we use?
We integrate with AI providers including OpenAI and Anthropic to deliver AI capabilities. Our enterprise agreements with these providers explicitly prohibit them from using your data to train their models. This is not a terms-of-service assumption - it is a negotiated contractual provision.
When we send your data to an AI provider:
- Your data goes in
- The AI response comes out
- Nothing is retained
- Nothing is used for training
This is contractually guaranteed in our agreements with these providers.
3.3 What We DO With Your Data (Transparently)
We use your data only in ways that directly benefit you:
| Use | Purpose | Your Benefit |
|-----|---------|--------------|
| Deliver the service | Process your requests, run AI agents, execute platform functions | You get the features you are paying for |
| Improve YOUR experience | Train models specific to YOUR organization (only with consent) | AI that learns your specific patterns, terminology, and preferences |
| Provide support | Access to diagnose issues (with comprehensive audit trail) | Problems get solved; you can see exactly what we accessed |
| Security monitoring | Detect threats, anomalies, and potential breaches | Your data stays protected from attackers |
| Aggregate analytics (opt-in only) | Anonymous, aggregate industry benchmarks | If you choose to participate, you can see how you compare to industry averages |
The Critical Distinction:
Training a model FOR you (to improve your specific experience) is fundamentally different from training ON you (to improve products for others). We do the former only with your explicit consent. We never do the latter.
When you opt in to organization-specific AI training:
- The trained model is yours alone
- It runs in your tenant context only
- Other customers never benefit from your data
- You can delete the model and underlying training data at any time
3.4 Technical Implementation of AI Data Isolation
We have implemented comprehensive technical controls to ensure AI data isolation:
Ephemeral Processing:
- Data sent to AI providers is processed and immediately discarded by the provider
- No caching or retention by AI providers
- Request/response logging on our side only (in your tenant)
Zero Feedback to General Models:
- Our API integrations with AI providers use enterprise endpoints
- These endpoints are contractually prohibited from using data for training
- We verify this through regular contractual reviews and technical audits
Tenant-Specific Model Training (Optional):
- If you choose to train custom AI models, training happens within isolated compute environments
- Training data never leaves your tenant boundary
- Models are stored in your tenant-specific storage
Audit Trail:
- Every AI interaction is logged
- Logs show what data was sent, when, to which AI service
- Logs are retained according to your retention policy
- You can export AI interaction logs at any time
```
AI DATA FLOW - YOUR DATA STAYS YOURS
====================================

         Your Request
               |
               v
   +---------------------------+
   |     MuVeraAI Platform     |
   |                           |
   |  - Extract request        |
   |  - Apply PII filtering    |
   |    (configurable)         |
   |  - Add task context       |
   |  - Log in YOUR tenant     |
   +------------+--------------+
                |
                v
   +---------------------------+
   |      AI Provider API      |
   |                           |
   |  - Zero retention policy  |
   |  - No training on data    |
   |  - Enterprise agreement   |
   |  - Ephemeral processing   |
   +------------+--------------+
                |
                v
   +---------------------------+
   |     Response Handling     |
   |                           |
   |  - Validate response      |
   |  - Log in YOUR tenant     |
   |  - Store in YOUR tenant   |
   |  - Audit trail complete   |
   +------------+--------------+
                |
                v
   Your Result (in YOUR tenant only)
```
Section 4: Data Retention & Your Right to Delete
4.1 Our Data Retention Philosophy
Your data retention policy should be YOUR decision, not ours.
We provide the tools and flexibility for you to manage data retention according to your corporate policies and regulatory requirements. We do not impose arbitrary retention requirements that serve our interests at the expense of yours.
Core principles of our retention approach:
- Your data, your timeline: You decide how long data is retained
- No hostage situations: We do not hold data hostage for commercial leverage
- Regulatory flexibility: We support compliance with various retention requirements
- Transparent processes: You can see what data exists and what retention policies apply
4.2 Default Retention Policies
We provide sensible defaults based on construction industry standards, all of which are configurable:
| Data Type | Default Retention | Configurable? | Rationale |
|-----------|-------------------|---------------|-----------|
| Active project data | Duration of subscription | No minimum | Your active work remains available |
| Completed projects | 7 years | Yes - shorter or longer | Aligns with construction statute of repose in most jurisdictions |
| Audit logs | 7 years | Yes - can extend | Supports compliance and dispute resolution |
| User activity logs | 2 years | Yes | Balances security monitoring with privacy |
| Deleted items | 30 days (soft delete) | Yes - immediate permanent delete available | Allows recovery from accidental deletion |
| Backups | 90 days rolling | Yes | Disaster recovery while managing storage |
Configuration Options:
- Retention policies can be set at the organization level
- Project-specific retention can override organization defaults
- Regulatory holds can be applied to specific data sets
- Automatic purge schedules can be configured
4.3 Your Right to Delete
We honor the GDPR "Right to Erasure" globally - not just for EU data subjects, but for all customers regardless of location.
How to Request Deletion:
| Scope | Process | Timeline |
|-------|---------|----------|
| Individual records | Self-service in platform | Immediate |
| Bulk deletion | Admin tools | Minutes to hours |
| Project deletion | Admin confirmation required | Same day |
| Complete account deletion | Support request | Within 30 days (backup purge) |
What Happens When You Delete:
- Immediate removal from active production systems
- Removal from backups within 30 days (as backup rotation completes)
- Cryptographic erasure for encrypted data - we destroy the encryption keys, rendering data unrecoverable even if storage media persists
- Verification confirmation provided upon request
What We Retain After Deletion:
- Anonymized, aggregated metrics only - statistical data with no way to identify your organization
- Legal hold exceptions - if there is an active legal hold (disclosed to you), affected data is preserved
- Billing records - as required by tax and accounting regulations, we retain transaction records
When you say delete, we mean DELETE. Not "archive," not "anonymize," not "move to cold storage." Your data is cryptographically erased from our systems.
4.4 Compliance with Regulatory Retention Requirements
Different jurisdictions and contract types impose different retention requirements:
Construction Industry Standards:
- Statute of repose periods (typically 6-12 years depending on jurisdiction)
- Professional liability insurance requirements
- Warranty period documentation
Government Contract Requirements:
- FAR 4.703 retention requirements (6 years from final payment)
- FedRAMP requirements for federal data
- State and local agency requirements
How We Help You Comply:
- Legal hold functionality: Preserve specific data beyond normal retention
- Retention policy templates: Pre-configured for common regulatory requirements
- Export before delete: Create archives before purging data
- Retention reporting: Demonstrate compliance with retention policies
- Custom retention rules: Match your specific contractual or regulatory requirements
Section 5: Third-Party Data Sharing
5.1 Our Third-Party Sharing Policy
Our default position is clear: We do not share your data with third parties.
The only exceptions require your explicit authorization for purposes you specify with parties you approve.
We share your data with third parties only when YOU tell us to, for purposes YOU specify, with parties YOU approve.
5.2 When We Might Share (With Your Permission)
All third-party data sharing requires your explicit configuration and consent:
| Scenario | Example | What's Required |
|----------|---------|-----------------|
| Integration connections | Sync to your Procore, SAP, Oracle, or other systems | You configure the integration and provide credentials |
| Subcontractor collaboration | Share specific project data with trade partners | You explicitly invite them and define what they can access |
| Client reporting | Send reports to project owners | You initiate and authorize each share |
| Third-party analytics | Connect to your business intelligence tools | You provide the connection credentials and authorize data flow |
| Document sharing | Distribute drawings or specifications | You select recipients and authorize distribution |
Controls You Have:
- Granular permissions - share specific projects, documents, or data types
- Time-limited access - set expiration dates for shared access
- Audit trails - see who accessed shared data and when
- Revocation - immediately revoke shared access at any time
- Notification - receive alerts when shared data is accessed
5.3 Our Sub-Processors
A sub-processor is any third party that processes your data on our behalf to provide our services. We maintain a complete, current list of sub-processors:
Infrastructure Sub-Processors:
| Sub-Processor | Purpose | Data Accessed | Location |
|---------------|---------|---------------|----------|
| Amazon Web Services | Cloud infrastructure | All platform data (encrypted) | US, EU (based on deployment) |
| Microsoft Azure | Alternative cloud option | All platform data (encrypted) | US, EU (based on deployment) |
| Google Cloud Platform | Alternative cloud option | All platform data (encrypted) | US, EU (based on deployment) |
AI/ML Sub-Processors:
| Sub-Processor | Purpose | Data Accessed | Contractual Protections |
|---------------|---------|---------------|-------------------------|
| OpenAI | AI model inference | Query data (ephemeral) | Zero retention, no training agreement |
| Anthropic | AI model inference | Query data (ephemeral) | Zero retention, no training agreement |
Operational Sub-Processors:
| Sub-Processor | Purpose | Data Accessed |
|---------------|---------|---------------|
| Stripe | Payment processing | Billing information only |
| Datadog | Infrastructure monitoring | System metrics (no customer data) |
| Twilio | SMS notifications | Phone numbers (opt-in only) |
| SendGrid | Email delivery | Email addresses for notifications |
Our Contractual Protections with Sub-Processors:
Every sub-processor agreement includes:
- Data processing obligations equivalent to our DPA with you
- Prohibition on secondary use of data
- Security requirements and audit rights
- Breach notification obligations
- Data return and deletion requirements
Sub-Processor Change Notification:
We publish our sub-processor list on our website and update it when changes occur. You can:
- Subscribe to sub-processor change notifications
- Object to new sub-processors within 30 days
- Terminate if we add a sub-processor you cannot accept
5.4 Government & Legal Requests
We have clear policies for responding to government and legal requests for your data:
Our Approach:
- Notify You: We will notify you of any government or legal request for your data unless legally prohibited from doing so
- Challenge Overbroad Requests: We will challenge requests that we believe are legally deficient, overbroad, or not properly served
- Provide Minimum Required: If we are compelled to produce data, we will produce only what is legally required
- No Mass Surveillance: We have never provided bulk access to customer data for surveillance purposes; we would challenge any such demand
- Transparency Reporting: We are committed to publishing transparency reports detailing the volume and nature of requests received
What This Means in Practice:
- If we receive a subpoena for your data, we will notify you (unless prohibited)
- You will have the opportunity to file a motion to quash before we produce
- We will not voluntarily provide data without your consent
- We will resist demands that we believe are improper
Section 6: Privacy Compliance Framework
6.1 Global Privacy Compliance
We apply the highest privacy standard globally - not just where legally required. All customers receive GDPR-level protections regardless of their jurisdiction.
| Regulation | Jurisdiction | Our Compliance Status |
|------------|--------------|-----------------------|
| GDPR | EU/EEA | Full compliance; DPA available |
| UK GDPR | United Kingdom | Full compliance |
| CCPA/CPRA | California | Full compliance |
| PIPEDA | Canada | Full compliance |
| LGPD | Brazil | Full compliance |
| POPIA | South Africa | Full compliance |
| Privacy Act | Australia | Full compliance |
| PDPA | Singapore | Full compliance |
We apply the highest privacy standard globally, not just where legally required. GDPR-level protections for all customers, everywhere.
What GDPR-Level Compliance Means:
- Clear legal basis for all processing
- Data minimization - we collect only what is necessary
- Purpose limitation - we use data only for stated purposes
- Storage limitation - we do not retain data longer than necessary
- Integrity and confidentiality - technical measures to protect data
- Accountability - documented policies and procedures
6.2 Key Privacy Rights We Honor (For All Customers)
Regardless of where you are located, we honor comprehensive privacy rights:
| Right | Description | How to Exercise |
|-------|-------------|-----------------|
| Right to Access | Obtain a copy of all personal data we hold | Self-service data export; formal request to DPO |
| Right to Rectification | Correct inaccurate personal data | Self-service profile editing; support request |
| Right to Erasure | Delete personal data ("right to be forgotten") | Self-service deletion; formal request to DPO |
| Right to Portability | Receive data in structured, machine-readable format | Export to JSON, CSV, XML; API access |
| Right to Object | Opt out of certain types of processing | Privacy settings; communication preferences |
| Right to Restrict | Limit processing in certain circumstances | Account settings; formal request to DPO |
| Right to Information | Know what data we collect and how we use it | Privacy policy; this whitepaper; DPO inquiries |
| Right to Human Review | Contest automated decisions | Request manual review of any AI-driven decision |
Response Times:
- Routine requests: 5 business days
- Complex requests: Up to 30 days (with notification)
- Urgent requests: Expedited handling available
6.3 Privacy by Design
Privacy is not an afterthought in our platform - it is built into every feature from the beginning:
Privacy Impact Assessments:
- Every new feature undergoes privacy review
- Risk assessment before launch
- Documentation of privacy considerations
- Mitigation measures for identified risks
Data Minimization:
- We collect only what is necessary for the service
- Default settings favor privacy
- Optional data collection is clearly disclosed
Purpose Limitation:
- Data is used only for stated purposes
- New uses require new consent
- Clear documentation of processing purposes
Privacy-Protective Defaults:
- Sharing is off by default
- Analytics are opt-in
- Notifications respect preferences
- Public profiles are opt-in
Technical Privacy Measures:
- Pseudonymization where possible
- Encryption throughout
- Access controls on personal data
- Audit logging of personal data access
6.4 Data Protection Officer
We maintain a dedicated Data Protection Officer (DPO) responsible for:
- Overseeing privacy compliance
- Responding to data subject requests
- Advising on privacy impact assessments
- Serving as contact point for supervisory authorities
- Training employees on privacy obligations
Contact Our DPO:
For privacy concerns, data subject requests, or questions about our privacy practices:
- Email: dpo@muveraai.com
- Response time: Within 5 business days
- Escalation: Direct escalation path to executive leadership
Section 7: Data Portability & Exit Rights
7.1 No Vendor Lock-In
We believe in earning your business through value, not holding your data hostage.
Full data portability is not a grudging compliance measure - it is a feature we are proud of. If you decide to leave, we want to make that transition as smooth as possible. Our goal is to be so valuable that you choose to stay, not to make leaving so painful that you feel trapped. If you cannot easily leave, you are not really choosing to stay.
Our Exit Rights Commitment:
- Export all your data at any time
- No additional fees for data export
- No artificial delays or obstacles
- Standard, open formats
- Ongoing API access during transition
- Support available for migration assistance
7.2 Export Capabilities
You can export all your data in standard, open formats:
| Data Type | Export Formats | What's Included |
|-----------|----------------|-----------------|
| Project data | JSON, CSV, XML, PDF | All project metadata, status, relationships |
| Documents | Original files, PDF | All uploaded files in original format |
| BIM models | IFC, native formats, glTF | 3D models in industry-standard formats |
| Reports | PDF, Excel, CSV | All generated reports and analyses |
| Schedules | XML (MS Project compatible), P6 XER, CSV | Full schedule data with dependencies |
| Cost data | CSV, Excel, JSON | Cost estimates, budgets, actuals |
| Safety records | CSV, PDF, JSON | All safety inspections, incidents, training |
| Quality records | CSV, PDF, JSON | Inspections, NCRs, punch lists |
| Audit logs | JSON, CSV | Complete activity history |
| Complete database | SQL dump, JSON | Enterprise: full database export |
Format Standards:
- We use open, documented formats wherever possible
- Schema documentation is provided with exports
- Field mappings to common industry standards are documented
- Sample import scripts for common target systems are available
7.3 Export Process
Self-Service Exports:
- Available 24/7 through the platform
- No approval required for your own data
- Real-time for most data types
- Progress tracking for large exports
Process Timeline:
| Export Type | Typical Turnaround |
|-------------|-------------------|
| Individual records | Immediate |
| Project data | Seconds to minutes |
| Document archives | Minutes to hours (depends on size) |
| Complete account export | 24-48 hours |
| Full database dump (Enterprise) | 24-48 hours |
No Artificial Barriers:
- No additional fees for exports
- No throttling or rate limiting that prevents export
- No data degradation or field stripping
- No format that is proprietary or undocumented
7.4 Transition Support
If you decide to move to another platform, we will help make that transition successful:
Transition Assistance:
- Dedicated transition support contact
- API access maintained during transition period (typically 90 days post-termination)
- Schema documentation and field mappings
- Sample import scripts for common platforms
- Best practices guide for data migration
What We Do Not Do:
- No "poison pill" data degradation
- No sudden API access termination
- No hostage pricing for extensions
- No hidden export fees
- No data deletion before you have extracted everything
Transition Timeline Example:
TYPICAL TRANSITION TIMELINE
===========================
Day 0: Notice of termination
|
Day 1-30: Active transition period
|--- Export all data
|--- Verify completeness
|--- Test in new system
|
Day 30: Service ends
|--- Read-only access continues
|--- API access for extraction
|
Day 60: API access ends
|--- Data retained per policy
|--- Additional exports by request
|
Day 90+: Data deletion
|--- Per your instructions
|--- Or per retention policy
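The "Verify completeness" step in the Day 1-30 window is the one a customer cannot delegate to the vendor: deletion on Day 90+ is irreversible, so the receiving side should confirm that every exported file arrived intact and that record counts match before authorizing it. The script below is an added example, not MuVeraAI's export tooling. It assumes the export is a directory of files accompanied by a JSON manifest listing a SHA-256 digest and record count per file; that manifest layout, the file names and the sample project and cost data are all constructed for the illustration. It builds the manifest as the exporting side would, verifies it as the importing side would, and then shows the check catching a truncated CSV.

```python
"""Export completeness verification against a shipped manifest (added example)."""
import csv
import hashlib
import json
import os
import tempfile

MANIFEST = "manifest.json"  # assumed file name, not a MuVeraAI specific


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def count_records(path: str) -> int:
    """Record count for the two formats in the sample: a JSON array, or a
    CSV with one header row. Anything else counts as a single record."""
    if path.endswith(".json"):
        with open(path, encoding="utf-8") as f:
            data = json.load(f)
        return len(data) if isinstance(data, list) else 1
    if path.endswith(".csv"):
        with open(path, newline="", encoding="utf-8") as f:
            return max(sum(1 for _ in csv.reader(f)) - 1, 0)
    return 1


def build_manifest(export_dir: str) -> dict:
    """Exporting side: one entry per file with digest, count and size."""
    files = {}
    for name in sorted(os.listdir(export_dir)):
        if name == MANIFEST:
            continue
        path = os.path.join(export_dir, name)
        files[name] = {"sha256": sha256_file(path),
                       "records": count_records(path),
                       "bytes": os.path.getsize(path)}
    return {"files": files}


def verify_export(export_dir: str, manifest: dict) -> list:
    """Importing side: every listed file must exist, hash to the listed
    digest and hold the listed number of records; unlisted files are
    flagged too. Returns the list of problems; empty means complete."""
    problems = []
    for name, expected in manifest["files"].items():
        path = os.path.join(export_dir, name)
        if not os.path.exists(path):
            problems.append(f"{name}: missing")
            continue
        if sha256_file(path) != expected["sha256"]:
            problems.append(f"{name}: sha256 mismatch")
        got = count_records(path)
        if got != expected["records"]:
            problems.append(f"{name}: expected {expected['records']} records, found {got}")
    extra = set(os.listdir(export_dir)) - set(manifest["files"]) - {MANIFEST}
    for name in sorted(extra):
        problems.append(f"{name}: not listed in manifest")
    return problems


def load_manifest(export_dir: str) -> dict:
    with open(os.path.join(export_dir, MANIFEST), encoding="utf-8") as f:
        return json.load(f)


def make_sample_export() -> str:
    """Constructed sample export: three projects as JSON, two cost rows as CSV."""
    d = tempfile.mkdtemp(prefix="export-")
    with open(os.path.join(d, "projects.json"), "w", encoding="utf-8") as f:
        json.dump([{"id": "P-1", "name": "Substation"},
                   {"id": "P-2", "name": "Bridge deck"},
                   {"id": "P-3", "name": "Warehouse"}], f)
    with open(os.path.join(d, "costs.csv"), "w", newline="", encoding="utf-8") as f:
        w = csv.writer(f)
        w.writerow(["project_id", "budget", "actual"])
        w.writerow(["P-1", "1200000", "1150000"])
        w.writerow(["P-2", "800000", "830000"])
    with open(os.path.join(d, MANIFEST), "w", encoding="utf-8") as f:
        json.dump(build_manifest(d), f, indent=2)
    return d


def truncate_costs(export_dir: str) -> None:
    """Simulate a lossy transfer: drop the last CSV row."""
    path = os.path.join(export_dir, "costs.csv")
    with open(path, encoding="utf-8") as f:
        lines = f.read().splitlines()
    with open(path, "w", encoding="utf-8") as f:
        f.write("\n".join(lines[:-1]) + "\n")


if __name__ == "__main__":
    d = make_sample_export()
    print("clean export:", verify_export(d, load_manifest(d)))
    truncate_costs(d)
    print("after truncation:", verify_export(d, load_manifest(d)))
```

Run this against the real export before Day 90, and keep the manifest and the verification output with your own records: they are the evidence that you extracted everything before instructing deletion.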
Section 8: Certifications & Third-Party Validation
8.1 Current Certifications
Trust but verify. We pursue third-party certifications to provide independent validation of our practices:
| Certification | Status | Scope | Description |
|---------------|--------|-------|-------------|
| SOC 2 Type II | In progress | Security, Availability, Confidentiality | Independent audit of security controls |
| ISO 27001 | Planned | Information Security Management | International security management standard |
| FedRAMP Moderate | In progress | US Federal requirements | Authorization for government use |
| CSA STAR | Planned | Cloud Security | Cloud Security Alliance certification |
| ISO 27701 | Planned | Privacy Management | Privacy-specific extension to ISO 27001 |
What SOC 2 Type II Means:
- Independent auditor tests our controls over 6-12 months
- Covers security, availability, and confidentiality
- Provides detailed report on control effectiveness
- Available to customers under NDA
8.2 Regular Audits
We do not wait for annual certifications to identify issues:
Penetration Testing:
- Annual third-party penetration tests
- Testing covers web application, API, infrastructure
- Critical findings remediated immediately
- Summary report available to customers
Vulnerability Assessments:
- Quarterly automated vulnerability scans
- Continuous dependency scanning
- Rapid patching of critical vulnerabilities (within 24-48 hours)
Security Monitoring:
- 24/7 security operations center monitoring
- Intrusion detection and prevention
- Anomaly detection and alerting
- Incident response procedures tested quarterly
Bug Bounty Program:
- Responsible disclosure program
- Rewards for valid security findings
- Published security.txt for researcher contact
8.3 Customer Audit Rights
Enterprise customers can verify our practices directly:
What We Provide:
- SOC 2 reports and bridge letters
- Penetration test summaries
- Compliance questionnaire responses
- Security architecture documentation
- Evidence packages for your security reviews
What You Can Request:
- Third-party security assessments
- On-site audit (with reasonable notice)
- Specific control testing
- Incident investigation access (for incidents affecting you)
Standard Audit Support:
- Pre-packaged evidence bundles for common frameworks
- Questionnaire response SLA (typically 5-10 business days)
- Dedicated security contact for audit inquiries
Conclusion & Commitment
Summary of Commitments
We have made comprehensive commitments throughout this paper. Let us restate them clearly:
YOUR DATA, YOUR CONTROL - OUR COMMITMENTS
Ownership: Your data belongs to you. We are stewards, not owners.
No AI Training: We NEVER train AI models on your data for other customers.
No Selling: We NEVER sell, share, or monetize your data.
Full Portability: Export all your data, any time, free of charge.
Complete Deletion: Delete all your data, any time, upon request.
Transparency: We tell you exactly what we do with your data.
Compliance: We meet or exceed all privacy regulations globally.
Contractual: These are not marketing promises - they are in the contract.
Why This Matters
Trust is the foundation of enterprise relationships. In construction, where project data represents decades of accumulated competitive advantage, where safety records carry life-and-death implications, and where client relationships are carefully cultivated assets, data governance is not a checkbox exercise.
You need a platform partner, not a data harvester.
We built MuVeraAI because we believe the construction industry deserves technology that respects its data, serves its interests, and earns its trust through transparency and accountability.
Your data belongs to you. Period.
Next Steps
Ready to verify our commitments? Here is how to proceed:
- Review Our Data Processing Agreement: Request a copy of our standard DPA to review with your legal team. We welcome questions and redlines.
- Schedule a Security Review Call: Connect with our security team for a detailed walkthrough of our architecture, controls, and certifications.
- Request Our SOC 2 Report: Available under NDA for qualified prospects and customers.
- Start a Pilot with Confidence: Begin with a limited deployment to verify our practices meet your requirements before broader rollout.
Questions to Ask Any Vendor:
We encourage you to ask these questions of every technology vendor you evaluate:
- Who owns the data I input and generate on your platform?
- Do you train AI models on my data? Does anyone else?
- Can I export all my data at any time? In what formats?
- Can I delete all my data at any time? What is the process?
- What happens to my data if I terminate our agreement?
- What third parties have access to my data?
- How do you handle government requests for my data?
Compare the answers. We are confident in ours.
Appendices
Appendix A: Glossary of Terms
| Term | Definition |
|------|------------|
| Data Controller | The entity that determines the purposes and means of processing personal data. As our customer, you are the Data Controller for your project and employee data. |
| Data Processor | The entity that processes data on behalf of the Data Controller. MuVeraAI acts as a Data Processor for your data. |
| Personal Data | Any information relating to an identified or identifiable natural person (employee data, contact information, etc.). |
| Business Data | Operational data that is not personal data (project schedules, cost estimates, specifications, etc.). |
| Sub-Processor | A third party engaged by the Data Processor to process data (e.g., our cloud infrastructure provider). |
| Encryption at Rest | Encryption of data when stored (in databases, files, backups). |
| Encryption in Transit | Encryption of data when moving between systems (via HTTPS/TLS). |
| Multi-Tenancy | Software architecture where a single instance serves multiple customers with logical data separation. |
| Data Portability | The ability to obtain your data in a structured, commonly used format for transfer to another provider. |
| Right to Erasure | The right to have personal data deleted ("right to be forgotten") under GDPR and similar regulations. |
| Row-Level Security (RLS) | Database feature that restricts which rows a query can access based on user context. |
| DPA (Data Processing Agreement) | Contractual agreement defining responsibilities for data processing between Controller and Processor. |
Appendix B: Relevant Policies (Links)
| Document | Description |
|----------|-------------|
| Privacy Policy | Our full privacy policy detailing data practices |
| Data Processing Agreement | Standard DPA for customer signature |
| Acceptable Use Policy | Terms governing use of our platform |
| Security Whitepaper (P2.1) | Detailed security architecture documentation |
| Sub-Processor List | Current list of all sub-processors |
| Cookie Policy | Policies on cookies and tracking technologies |
All documents available at: [Company website - trust center]
Appendix C: Contact Information
| Purpose | Contact |
|---------|---------|
| Privacy Questions | privacy@muveraai.com |
| Data Protection Officer | dpo@muveraai.com |
| Security Team | security@muveraai.com |
| Customer Support | support@muveraai.com |
| General Inquiries | info@muveraai.com |
Appendix D: Data Subject Request Form
To exercise your privacy rights, you may:
- Use self-service tools within the platform (Settings > Privacy)
- Email dpo@muveraai.com with your request
- Contact your account administrator to submit a request on your behalf
Please include:
- Your name and contact information
- Your organization name
- The nature of your request (access, correction, deletion, etc.)
- Any specific data you are requesting (if not all)
We will respond within 5 business days to acknowledge your request and provide an estimated completion timeline.
Document Version: 1.0 Last Updated: January 2026 Next Review: July 2026
This whitepaper describes MuVeraAI's data governance and privacy framework as of the publication date. Policies and practices are subject to update. The most current versions of all policies are available on our website.
Your data belongs to you. Period.