Data & Trust

What we analyze

We measure coordination using operational metadata your systems already produce. Typical fields include timestamps, categories, workflow IDs, and coarse locations. Content is not required. Personally identifiable information (PII) is excluded by default.

Inputs

  • Start method: standard flat-file exports from your systems.

  • Formats: CSV or similar with operational fields only.

  • Transfer: client-owned shared drive, secure upload link, or SFTP.

  • Roadmap: read-only connectors and real-time monitoring for approved systems.

Purpose and limits

Your data is used to calculate coordination metrics, surface loss, and deliver recommendations to improve capacity. No sale of data. No training of models on client data.

Storage and access

Files are stored in approved cloud storage with encryption at rest and TLS in transit. Access is limited to named personnel on a need-to-know basis. Access is logged.

Subprocessors

A short list of vetted service providers may assist with analysis and delivery. The current list is available on request. Clients are notified before a new subprocessor is added for active work.

Retention and deletion

Default retention is 30 days after results are delivered. On written request we will delete sooner and confirm in writing within 7 days. We maintain a deletion log.

Security events

If we become aware of a security incident affecting your data, we will notify your contact within 72 hours with scope, impact, and actions taken.

Client controls

You may remove columns before sending, replace identifiers with hashes, or require immediate deletion after delivery. If preferred, we analyze from a location you control and delete our working copy after results are delivered.

Compliance and deployment options

Engagements are designed to run without PII or regulated data. Private cloud or on-prem deployments can be scoped as needed. Independent attestations and additional controls can be added based on client requirements.

Questions

Email info@qoherence.com for the current subprocessor list, a lightweight DPA, or a deletion request.