ODIN Privacy Policy

OVERVIEW

ODIN is a proprietary operating system and trading name of 404 Noir Inc. (“404 Noir,” “we,” “us” or “our”). This policy describes how we collect, use, and protect the institutional and personal information processed through the ODIN platform and website. By initiating a liaison or utilizing the ODIN OS, you agree to the processing of data in accordance with this policy.

DATA SOVEREIGNTY & OWNERSHIP

  • Client Ownership: ODIN operates under a model of absolute Data Sovereignty. While 404 Noir Inc. provides the technical architecture, the Client remains the sole owner and steward of their core operational data.

  • WORM Compliance: Once committed to the OS, data is subject to WORM (Write Once, Read Many) protocols. This ensures an immutable forensic record, providing an audit trail that satisfies high-level fiduciary standards.

  • Responsibility: End users are responsible for the accuracy and management of their own data inputs within this secure environment.

INFORMATION WE COLLECT

  • Liaison Data: Information provided via our secure webforms, including name, institutional affiliation, and secure contact details.

  • System Metadata: We automatically collect technical data such as IP addresses, device identifiers, and access logs to maintain system security and forensic audit integrity.

  • Operational Data: For active users, this includes data necessary for mission success, such as GPS coordination, secure SITREPs, and clinical continuity logs (processed under HIPAA protocols).

LEGAL BASIS FOR PROCESSING

We rely on the following legal grounds:

  1. Performance of Contract: To deliver the functional requirements of the ODIN OS.

  2. Fiduciary Necessity: To maintain the immutable records required for institutional oversight.

  3. Legal Obligation: To comply with global standards including GDPR, ISO 27001, and ISO 31030.

DATA SECURITY & STORAGE

All information is stored on secure, audited servers.

  • Encryption: Data is protected by AES-256 encryption at rest and TLS/SSL in transit.

  • Access: Only authorized personnel are permitted to access information in the course of system maintenance or at the explicit request of the Client.

  • Retention: Data is retained only for as long as necessary to fulfill contractual or legal obligations.

THIRD-PARTY DISCLOSURE

We do not sell data to third parties. Information is only shared with:

  • Service Providers: Only as required to fulfill specific operational functions (e.g., Satcom, clinical directors).

  • Law Enforcement: When compelled by law for the prevention of fraud, or for immigration, security, or anti-terrorism purposes.

YOUR RIGHTS

Under relevant data protection laws (including GDPR), you have the right to access, correct, or request the deletion of your personal information. Note that data committed to the WORM-compliant forensic record may be exempt from deletion where legal or audit obligations prevail.

CONTACT

To exercise your rights or request a Technical Briefing on our data protocols, please contact us through the Initiate Liaison secure webform.