Legal · Data Use

Data Use Policy

Patterns feed the model. Raw data does not.

Last updated: 2026-05-02 · DPDP 2023 / AU Privacy Act / GDPR reference frame

1. Two distinct data streams

RAOSCAFF processes two clearly separated streams. Enterprise client data — submissions made to commission a Decision Brief — and Consumer behaviour data — voluntary questionnaire responses given by individuals using Personal Decision Intelligence surfaces. The streams are governed by different consent mechanics, retention rules, and use scopes. They are not co-mingled.

2. Enterprise data — purpose limitation

Enterprise client submissions are used solely to produce the specific Decision Brief commissioned in the engagement contract. They are not used for marketing to other clients, not shared with third parties, not cross-referenced against unrelated engagements, and not retained as raw data beyond the engagement window agreed in the contract.

3. What feeds the training corpus — patterns, never raw data

After the Brief is delivered, RAOSCAFF extracts structural learnings — categories of decision questions, scenario shapes, analytical pathways, and methodology refinements. These structural patterns feed the internal model improvement work. The raw client material — submitted documents, names, counterparty information, deal-specific values, geographic specifics, and any identifying detail — does not enter the training corpus. The corpus learns what kind of decision needs what kind of analysis. It does not learn that a specific client asked a specific question.

4. Anonymisation discipline (mandatory before extraction)

Before any pattern is extracted into the training corpus, the source material is run through an anonymisation step that removes or hashes: client name, counterparty names, named individuals, geographic specifics below state level, deal-specific identifiers, financial-amount specifics, and any unique tokens that could re-identify the engagement. The output of this step is structural metadata, not narrative content.

5. Consumer behaviour data — voluntary, opt-in, withdrawable

Personal Decision Intelligence surfaces collect behaviour data through opt-in questionnaires. Participants choose to fill questionnaires voluntarily. Each questionnaire discloses up front what data points are collected and how they are used. Participation is voluntary, withdrawable at any time, and the data feeds aggregate behaviour models — not individual profiles.

6. No third-party data sale, sharing, or licensing

RAOSCAFF does not sell, license, or share client data with any third party. Where a third party is involved in delivery (cloud-infrastructure provider, AI-orchestration provider, payment processor), the third party operates as a data processor under a written data-processing agreement bound to the same purpose-limitation rules.

7. Storage, security, access controls, and retention

Client submissions and Decision Briefs are stored on RAOSCAFF-controlled infrastructure with encryption in transit and at rest. Access is restricted to engagement-relevant team members under a principle of least privilege, with access logging on identified records. Default retention: identifiable enterprise client material is retained for the engagement window plus 90 days for delivery support and disputes, after which it is deleted from active records (engagement contracts may extend or shorten this window in writing). Standard cloud-hosting controls apply across all environments.

8. Data residency, processors, and cross-border transfer basis

Indian client data is primarily resident in India. Australian client data is primarily resident in Australia. RAOSCAFF engages a small set of named sub-processors for cloud infrastructure, AI-model orchestration, payments, and customer support; the current sub-processor list is available on written request to the contact in § 13. Where cross-border processing occurs (typically because an AI-orchestration call routes to a model hosted outside the primary residency region), the underlying material is anonymised before transfer wherever feasible, and the transfer is conducted on the legal basis applicable in the source jurisdiction (for India, the rules notified under the DPDP Act 2023 § 16; for AU, APP 8 with reasonable steps; for EU/UK, an appropriate transfer mechanism such as Standard Contractual Clauses). Where strict-residency engagements are required (e.g. a regulated Indian institution), the client may request a residency-restricted engagement at contracting.

9. Right to access, correct, port, and delete

Enterprise clients and consumer questionnaire participants may request access to their identifiable data, correction of inaccurate data, portability of their data in a commonly used machine-readable format where applicable under DPDP 2023 § 11–13 / GDPR Art. 15–20 / APP 12, and deletion of their identifiable data from active records. Following a deletion request, identifiable data is removed from active production systems within 30 days, and from rolling backups within 90 days as backup cycles complete. Anonymised structural patterns extracted into the training corpus prior to a deletion request do not reference the client, are not re-identifiable, and are therefore not retroactively reversible.

10. Right to opt out of pattern-extraction at engagement contracting

Enterprise clients with confidentiality requirements that exclude any pattern-extraction may request a no-extraction engagement at the contracting stage. The Decision Brief is delivered without any structural pattern being added to the training corpus afterwards. RAOSCAFF reserves the right to scope or price no-extraction engagements differently.

11. Consent and consequences of withdrawal

All processing operates on the basis of explicit consent. For enterprise engagements, consent is captured in the written engagement contract at scope confirmation. For consumer questionnaires, consent is captured at questionnaire submission with a clear statement of what is collected and why. Consent can be withdrawn prospectively at any time without penalty. Practical consequence of withdrawal: where consent is withdrawn mid-engagement, RAOSCAFF may be unable to complete the commissioned Brief; in that case, the engagement is treated as terminated, and any refund or pro-rata adjustment is governed by the engagement contract. Withdrawal of consumer-questionnaire consent stops further participation; any compensation model that may be introduced when the panel is launched will be governed by the terms in force at that time.

12. Children

RAOSCAFF surfaces are intended for adults. Personal Decision Intelligence questionnaires include a self-declared age gate; participants below 18 (or the age of majority in their jurisdiction, where lower) are not eligible to submit questionnaires. Where RAOSCAFF becomes aware that data has been submitted by a child without verifiable parental consent, the data is deleted from active records. RAOSCAFF does not knowingly process children's data and does not offer separate child-aimed surfaces.

13. Grievance Officer, Data Fiduciary contact, and complaints

RAOSCAFF acts as a Data Fiduciary under the Digital Personal Data Protection Act 2023 for the personal data it processes. For DPDP-related queries, consent withdrawal, data-subject-rights requests, or grievance redressal, contact: inquiries@raoscaff.com (subject line: 'Data Use — [your request]'). RAOSCAFF will acknowledge written DPDP complaints within 7 calendar days and respond substantively within the timelines required by the DPDP Rules notified under the Act. Where a complaint cannot be resolved, the data principal retains the right to escalate to the Data Protection Board of India or the analogous regulator in their jurisdiction.

14. Compliance reference frame

This policy is drafted with reference to: India Digital Personal Data Protection Act 2023 and rules notified under it; Australia Privacy Act 1988 and the Australian Privacy Principles; the General Data Protection Regulation (EU) 2016/679 and UK GDPR where applicable to EU/UK residents; and analogous frameworks in other jurisdictions where RAOSCAFF operates. Where regulatory positions evolve, RAOSCAFF updates this policy and dates the change.

15. Updates and supersession

This Data Use Policy may be updated as platform surfaces, regulatory contexts, and engagement patterns evolve. Material updates are dated and the latest version supersedes prior versions. Each engagement contract incorporates the policy version current at contracting; site updates apply prospectively to subsequent engagements and to consumer questionnaire submissions made after the update.