Privacy Commitments

How we protect your data — and why we treat privacy as a strategic asset, not a compliance burden.

Most AI vendor privacy pages exist to avoid hard questions. Ours exists to answer them.

Our position

The Result Center treats your data privacy as a strategic asset, not a compliance burden. That conviction shaped how we built CLAIR (our practitioner platform) and EPIE (our subscriber-facing executive intelligence platform). Both run on the same secured foundation, under the same controls.

We make two parallel commitments — and we keep both, deliberately and at the same time:

We act in your privacy interests by choice — not because a regulation told us to.
We mitigate the actual risk that your data is misused or exposed — with real architecture, not reassurances.

Audited foundation. Stewardship by choice.

What we choose to do

Our corpus is ours — and your individual data is yours. EPIE’s pattern intelligence is built from content we have already published — the AI for the C Suite® podcast, the Friday newsletter, and related work we own. We do not build it from your inputs. Your individual questions and uploads are never used to train any AI model, never shown to another subscriber, and never sold. What we do learn from is the aggregate: we study how EPIE is used across the whole subscriber base — in de-identified form that cannot be traced back to you or your company — to spot trends, improve the product, build aggregate trend features, and shape what we research and publish. Individual data harvesting, no. Anonymized pattern-spotting across everyone, transparently — yes, and we say so plainly.

Work in CLAIR stays in CLAIR — completely. CLAIR processes client-confidential material — board strategy, succession plans, peer-group conversations — inside a secure AWS environment. It does not leave, it is never used to train models, and it is never included in any aggregate trend analysis. The trust your clients place in you has to hold inside our infrastructure, or it cannot hold at all.

Our governance is public. The AI Governance Policy, Data Handling Addendum, Approved Tools List, Content Claims Response Addendum, and Platform Security Overview are written in plain language and meant to be read — by practitioners before they sign, by subscribers before they subscribe, and by the general counsels and CIOs who advise them. Visibility is part of stewardship; controls you can’t see don’t count.

The people behind the platform carry personal accountability. Our development partner brings 20+ years of cybersecurity experience to how the platform was designed and built, and the same standards of confidentiality, candor, and fiduciary care run through how we handle your data at every level of the business. The people who decide how your data is handled approached the work with the disposition of professionals who carry personal responsibility — not vendors checking compliance boxes. That is not an accident.

How we mitigate risk

The honest line on certifications. The AWS infrastructure our platform runs on is independently audited against SOC 2, ISO 27001, HIPAA-eligibility, PCI DSS, and FedRAMP — real, current, and verifiable directly from AWS. The TRC application on top of that infrastructure is not yet independently SOC 2 audited. Application-level SOC 2 Type II is on our roadmap. If you’re asking “are you on enterprise-grade audited infrastructure?” the answer is yes. If you’re asking “do you have your own SOC 2 report on the application?” the answer is not yet — and we’ll tell you that directly rather than pretend otherwise.

Encryption everywhere. Every byte at rest is encrypted; if a drive were ever stolen, the data on it would be unreadable. Everything in motion travels over an encrypted connection, using the same standards the financial services industry uses.

Controlled, authenticated access. Sign-in runs through Amazon Cognito, multi-factor authentication is required on every account, sessions expire, and access is logged.

Network isolation. The database is not reachable from the public internet. The only path to your data runs through the application, through authentication, and through access control.

Belt-and-suspenders isolation. Every subscriber and every practitioner sees only their own data. That separation is enforced twice — once in the application and again at the database itself. Both checks must pass.

No training on your inputs — ever. The AI layer runs on Amazon Bedrock under contracts that prohibit using your inputs to train future models. Your individual conversations are isolated to you and are never used to train any AI model. (We do study usage in aggregate, de-identified form to improve the product and spot trends — see “Our corpus is ours” above. And EPIE’s multi-model research feature may send a query you run to an external AI provider to produce a result, under terms that prohibit training on it — we say so plainly rather than claim no third party ever processes your data.)

Retention you can count on. Your EPIE conversation history is retained for up to one year, then deleted. Deletion requests are honored within 60 days, and every meaningful action on the platform is logged and reviewable.

What this page does not replace

This is a public statement of our values and architectural choices. It is not a legal document. For the binding detail — exactly what we collect, how we use it, who processes it, and the rights you have — read our Privacy Policy. Where this page and the Privacy Policy or the governing contract documents differ, those documents control.

Ask us a hard question

We mean it. Email legal@resultcenter.net — monitored every business day, acknowledged in writing within three business days. Prospective EPIE subscribers whose CIO or general counsel needs to run privacy diligence before subscribing: same address. We’ll walk a reviewer through the architecture, the governance documents, and the Platform Security Overview.