Component 2 — Ephemeral Data Store
What It Is
The Ephemeral Data Store (EDS) is the secure, encrypted, time-limited storage layer between the Data Collector and the Assessment Engine. It is not a general-purpose database — it is a purpose-built, privacy-enforcing store with a single write path (Data Collector) and a single read path (Assessment Engine).
Privacy guarantee
The EDS makes CYC Assess's zero-retention promise architecturally enforced, not just policy-stated. TTL deletion is handled by the store's native mechanism, not application logic — it cannot be accidentally bypassed by a code change.
Architecture
Design Principles
| Principle | Definition |
|---|---|
| Job-scoped isolation | Each job writes to an isolated namespace. No job can access another job's data. |
| Encryption at rest | AES-256. Keys managed by CYC key management service, not embedded in code. |
| TTL-enforced deletion | Store-native TTL mechanism. Application logic does not control deletion timing. |
| No operator read access | CYC operations staff cannot read raw client environment data. |
| Atomic write | Data Collector writes in a single atomic operation. Partial writes do not exist. |
| Immutable after write | Assessment Engine reads but does not write back to the collection file. |
| Metadata-only audit log | No content in logs — only job lifecycle events. |
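
The sketch below is an added example, not CYC Assess code: one way the job-scoped isolation and AES-256 rows can combine with the DEK/KEK envelope scheme listed under Subsections. It assumes AES-256-GCM with the job ID bound as associated data, a constructed blob layout, hypothetical function names (`seal`, `open`, `writeJob`, `readJob`), and a locally generated KEK standing in for one held by the key management service.

```javascript
const crypto = require("node:crypto");

const NONCE_LEN = 12, TAG_LEN = 16; // GCM nonce and tag sizes in bytes (assumed mode)

// seal: AES-256-GCM with a random nonce; the job ID is authenticated as AAD.
// Blob layout (constructed for this example): nonce || tag || ciphertext.
function seal(key, plaintext, jobId) {
  const nonce = crypto.randomBytes(NONCE_LEN);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, nonce);
  cipher.setAAD(Buffer.from(jobId, "utf8"));
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// open: throws if the key, the blob or the job ID differs from what was sealed.
function open(key, blob, jobId) {
  if (blob.length < NONCE_LEN + TAG_LEN) throw new Error("blob too short");
  const nonce = blob.subarray(0, NONCE_LEN);
  const tag = blob.subarray(NONCE_LEN, NONCE_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, nonce, { authTagLength: TAG_LEN });
  decipher.setAAD(Buffer.from(jobId, "utf8"));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(blob.subarray(NONCE_LEN + TAG_LEN)), decipher.final()]);
}

// writeJob: fresh DEK per job; the record holds only the wrapped DEK and ciphertext.
function writeJob(kek, jobId, data) {
  const dek = crypto.randomBytes(32);
  try {
    return { wrappedDek: seal(kek, dek, jobId), ciphertext: seal(dek, data, jobId) };
  } finally {
    dek.fill(0); // drop the plaintext DEK as soon as the record is built
  }
}

// readJob: unwrap the DEK, then decrypt; both steps authenticate the job ID.
function readJob(kek, jobId, record) {
  const dek = open(kek, record.wrappedDek, jobId);
  try {
    return open(dek, record.ciphertext, jobId);
  } finally {
    dek.fill(0);
  }
}

// Constructed demo: this KEK stands in for one held by a key management service.
const demoKek = crypto.randomBytes(32);
const demoRecord = writeJob(demoKek, "job-a", Buffer.from("constructed sample payload"));
console.log(readJob(demoKek, "job-a", demoRecord).toString());
```

A record sealed for one job fails authentication when read under any other job ID, even with the correct KEK.
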
Subsections
| Page | Content |
|---|---|
| Storage Model | Tier 1 and Tier 2 detail, permitted/prohibited uses |
| Encryption | DEK/KEK envelope encryption, key lifecycle |
| Job Lifecycle | State machine from created to expired |
| Access Control | Identity matrix — who can access what |
| Audit Log | Schema, retention policy, privacy design |