GDPR
The European data-protection regulation. Lawful basis, purpose limitation, data minimisation, and the rights of the data subject — treated as a non-negotiable floor.
Veritas-Vault is engineered against six data-protection and information-security frameworks simultaneously. The memory-only architecture is what makes that simultaneity possible — there is one substrate to certify, not six adaptations.
Each framework below describes a body of obligation. Veritas-Vault meets the data-minimisation core of every one structurally — through memory-only processing, not paperwork. Formal certification is in progress; the architecture is audit-ready today.
The European data-protection regulation. Lawful basis, purpose limitation, data minimisation, and the rights of the data subject — treated as a non-negotiable floor.
The post-Brexit successor regime. Substantively aligned with the EU framework, with ICO-specific obligations and the UK's own adequacy posture observed.
The revised Swiss federal regime, effective September 2023. The domestic standard against which a Geneva-domiciled platform is measured.
An attestation of operational controls across security, availability, processing integrity, confidentiality, and privacy — measured over a defined observation period.
The international standard for information-security management systems. Risk-based controls across people, process, and technology — assessed as one integrated programme.
The South African data-protection regime. Operative for institutional counsel with cross-border exposure into the Republic and the wider SADC region.
Audit reports available on request, under NDA.
Veritas-Vault uses Cloudflare Web Analytics to monitor aggregate site traffic. No cookies. No personal data. No third-party trackers. Visit counts and referrer paths only — held by Cloudflare under EU data-protection terms.
The list below describes what Veritas-Vault does not collect, measure, infer, or share — at any layer of the site, the platform, or the report-delivery pipeline.
A standard Data Processing Agreement is available for institutional clients whose engagement requires Veritas-Vault to act as data processor under Article 28 GDPR (and equivalent provisions under UK GDPR, Swiss FADP, and POPIA). The agreement covers sub-processing, international transfers, breach notification, and deletion on termination — though the latter is, in practice, structurally guaranteed by the memory-only architecture itself.
Standard Contractual Clauses are appended where international transfer is in scope. A redlined draft is shared at the scoping stage of any engagement.