Two-Tier Storage Model
Tier 1 — Ephemeral (Default)
All assessments use the ephemeral tier unless the client opts in to retained storage during onboarding.
| Attribute | Value |
|---|---|
| Default | Yes — applied to all assessments automatically |
| Contents | collection.json.enc + report.pdf.enc |
| TTL | 48 hours from report delivery confirmation |
| Deletion trigger | TTL expiry — store-native mechanism, not application logic |
| Encryption | AES-256 at rest, TLS 1.3 in transit |
| Access | Assessment Engine service identity only — read once during assessment job |
| Operator access | None — CYC staff cannot read contents |
| Client access | None — client receives the report only, not raw data |
Tier 2 — Retained (Opt-In)
Clients who opt in have their data moved from ephemeral to retained after report delivery. This enables Tier 2 consultation and Tier 3 drift detection.
| Attribute | Value |
|---|---|
| Default | No — client must opt in before payment |
| Contents | collection.json.enc + findings.json.enc + report.pdf.enc |
| TTL | 90 days from report delivery — or immediate on client deletion request |
| Encryption | AES-256 at rest, TLS 1.3 in transit |
| Access | Assessment Engine (drift), CYC Tier 2 analyst (read-only, audit-logged) |
| Permitted uses | Follow-up analysis, Tier 2 consultation, Tier 3 drift detection, responding to client questions |
| Prohibited uses | Training AI models, benchmarking against other clients, sharing with third parties |
Client deletion
Clients can request immediate deletion of retained data at any time via the CYC account portal. Deletion is confirmed by email within 24 hours. See Client Deletion Request Process.