Covenant Command Center
Privacy Policy

1. Introduction

Welcome to LPN to RN Program. We are committed to protecting the privacy and security of your data. This Privacy Policy explains how we collect, use, store, and protect information when you use our AI-powered loan covenant monitoring service.

Who We Are:
Covenant Command Center provides AI-powered extraction and monitoring of loan covenants for banking institutions and financial services organizations.

What This Policy Covers:
This policy applies to all users of our Service, including beta participants, paid subscribers, and website visitors.

2. Information We Collect

2.1 Information You Provide Directly

When you use Covenant Command Center, you provide:

2.2 Information Collected Automatically

• Usage Data: Features used, documents processed, login timestamps
• Technical Data: IP address, browser type, device type, operating system
• Performance Data: Extraction speed, accuracy rates, error logs

2.3 Information We Do NOT Collect

• ❌ Social Security Numbers or Tax IDs (unless in uploaded loan documents)
• ❌ Personal banking credentials (we never ask for passwords)
• ❌ Browsing history outside our Service
• ❌ Location tracking (GPS data)
• ❌ Biometric data

3. How We Use Your Information

We use your information ONLY for these purposes:

3.1 Service Delivery

• ✅ Extract covenants from loan agreements using AI
• ✅ Monitor covenant compliance and detect breaches
• ✅ Send real-time breach alerts via SMS and email
• ✅ Generate compliance reports and dashboards

3.2 Account Management

• ✅ Create and maintain your user account
• ✅ Process subscription payments
• ✅ Provide customer support
• ✅ Send service updates and security notifications

3.3 Product Improvement

• ✅ Improve AI accuracy (covenant mapping table refinements)
• ✅ Fix bugs and performance issues
• ✅ Develop new features based on usage patterns

3.4 Legal Compliance

• Comply with legal obligations (subpoenas, court orders)
• Enforce our Terms of Service
• Protect against fraud and security threats

4. Data Security & Protection

We implement bank-grade security measures to protect your data:

4.1 Encryption

• At Rest: AES-256 encryption for all stored data
• In Transit: TLS 1.3 encryption for all data transfers
• Database: Encrypted backups with separate encryption keys

4.2 Access Controls

• Role-Based Permissions: Users only see data they're authorized to access
• Multi-Factor Authentication (MFA): Available for all accounts (required for admins)
• Password Requirements: Minimum 12 characters, complexity enforcement
• Session Management: Auto-logout after 30 minutes of inactivity

4.3 Infrastructure Security

• Cloud Provider: AWS (SOC 2 Type II certified) or Azure Government Cloud
• Firewalls: Network segmentation and intrusion detection
• Monitoring: 24/7 security monitoring and alerting
• Penetration Testing: Annual third-party security audits

4.4 On-Premise Deployment

For banking institutions requiring maximum control, we offer on-premise deployment:

• ✅ All data stays on your servers (zero cloud storage)
• ✅ You control access, backups, and retention policies
• ✅ Meets regulatory requirements for data sovereignty
• ✅ Available for Enterprise plans

5. Data Retention & Deletion

5.1 How Long We Keep Your Data

5.2 How to Request Data Deletion

You can request immediate deletion by:

1. Emailing: privacy@covenantcommandcenter.com
2. Subject line: "Data Deletion Request"
3. Include: Your account email and institution name
4. We will confirm deletion within 7 business days

6. Your Privacy Rights (GDPR & CCPA)

Depending on your location, you have specific privacy rights under GDPR (EU) and CCPA (California).

6.1 Rights for All Users

• Right to Access: Request a copy of all data we hold about you
• Right to Correction: Update inaccurate or incomplete data
• Right to Deletion: Request permanent deletion of your data
• Right to Portability: Export your data in machine-readable format (JSON, CSV)
• Right to Object: Opt out of certain data processing activities

6.2 GDPR-Specific Rights (EU Users)

• Right to Restrict Processing: Limit how we use your data
• Right to Lodge a Complaint: Contact your Data Protection Authority
• Legal Basis for Processing: We process data based on:
  • ✅ Contract performance (providing the Service)
  • ✅ Legitimate interests (product improvement, security)
  • ✅ Your consent (marketing emails — opt-in only)

6.3 CCPA-Specific Rights (California Users)

• Right to Know: Categories of data collected and how it's used
• Right to Opt-Out: We do NOT sell your data (nothing to opt out of)
• Right to Non-Discrimination: We will not penalize you for exercising privacy rights

6.4 How to Exercise Your Rights

Email: privacy@covenantcommandcenter.com with:

• Your full name and account email
• Specific request (access, deletion, portability, etc.)
• Verification: We may ask for proof of identity (last 4 digits of payment method)

Response Time: Within 30 days (GDPR) or 45 days (CCPA)

7. Third-Party Services & Sharing

We use a small number of trusted third-party services to operate Covenant Command Center. We never sell your data.

7.1 Third Parties We Work With

7.2 When We May Share Data

We only share your data in these limited circumstances:

• With Your Consent: If you explicitly authorize sharing (e.g., integration with your core banking system)
• Service Providers: Third parties listed above (under strict data processing agreements)
• Legal Requirements: Court orders, subpoenas, regulatory inquiries
• Business Transfers: If Covenant Command Center is acquired (you'll be notified)
• Security Threats: To prevent fraud, abuse, or security breaches

8. Cookies & Tracking

8.1 Cookies We Use

We use minimal cookies — only what's necessary to operate the Service:

8.2 What We DON'T Use

• ❌ No advertising cookies (we don't show ads)
• ❌ No cross-site tracking (we don't follow you around the web)
• ❌ No social media pixels (Facebook, LinkedIn, etc.)
• ❌ No third-party analytics (Google Analytics, etc.)

8.3 Cookie Controls

You can control cookies via:

• Browser Settings: Block or delete cookies (may break functionality)
• Our Dashboard: Disable non-essential cookies in Account Settings

9. International Data Transfers

Covenant Command Center operates globally. Your data may be processed in different countries:

9.1 Where Data Is Stored

• US Customers: Data stored in AWS US East (Virginia) or US West (Oregon)
• EU Customers: Data stored in AWS EU (Frankfurt) — GDPR compliant
• UK Customers: Data stored in AWS EU (London) — UK GDPR compliant
• On-Premise: Data stays in your jurisdiction (no transfers)

9.2 GDPR Safeguards for EU Data

If you're in the EU and your data is transferred to the US:

• ✅ Standard Contractual Clauses (SCCs): EU-approved transfer mechanism
• ✅ Data Processing Agreements: All vendors sign DPAs
• ✅ Encryption: Data encrypted during transfers

10. Children's Privacy

Covenant Command Center is not intended for children under 18. We do not knowingly collect data from minors.

If you believe a child has provided us with personal information, please contact us at privacy@covenantcommandcenter.com and we will delete it immediately.

11. Changes to This Policy

We may update this Privacy Policy to reflect:

• Changes to our Service (new features)
• Legal or regulatory requirements
• Industry best practices

11.1 How We'll Notify You

• Material Changes: Email notification 30 days before effective date
• Minor Changes: Update "Last Updated" date on this page
• Your Options: If you disagree with changes, you may cancel your account

Continued use of the Service after changes = acceptance of updated policy.

12. Contact Us

For privacy questions, data requests, or concerns:

EU Representative (GDPR)

If you are in the European Union and have concerns about our data practices, you may contact your local Data Protection Authority or reach us at the email above.