TRUST & SECURITY

How ACTI-BLITZ™ handles call data, who has access, what's stored, and what's not. Written plain. Updated as we go.

Current Posture · May 2026

ACTI-BLITZ™ is in Design Partner Pre-Access. We are not yet SOC 2 or ISO 27001 certified — formal audit work begins during Phase 2. What follows is an honest account of how data flows through the system today, and the operational controls in place during the cohort phase. Design Partners with stricter security requirements receive a full architecture brief on NDA.

01 · Data Flow

How a call moves through ACTI-BLITZ™

Audio from your live call is captured at the call layer (Zoom, Google Meet, Teams) via the ACTI-BLITZ™ Chrome extension. The audio stream is transmitted over an encrypted connection to AssemblyAI for transcription with speaker diarization.

Transcribed text is then passed through the ACTI-BLITZ™ detection layer — Claude API for primary state analysis, Cohere Command R7B for budget routing and load distribution, and Cohere Embed 4 + Qdrant for semantic state-detection embeddings. The detection result returns to your rep's screen within the timing windows described on the FAQ page.

No call audio is stored long-term during the Design Partner phase. Transcripts are retained only for the duration of an active session unless a Design Partner explicitly opts in to extended retention for product improvement.

02 · Vendor Stack

Who we use, what they touch, where they sit

AssemblyAI
Speech-to-text transcription. Audio passes through; transcripts return. SOC 2 Type II. HIPAA-eligible architecture.
Anthropic Claude
Primary state detection. Receives transcribed text only — no audio. Anthropic's enterprise data policy prohibits training on customer API inputs by default.
Cohere
Budget routing & embeddings. Command R7B for load distribution, Embed 4 for semantic vectors. Enterprise data controls.
Qdrant
Vector database. Stores embedding vectors for state detection — not raw transcripts. Self-hosted on E2Active infrastructure during Phase 1.
Netlify
Frontend & static hosting. Marketing site and Chrome extension distribution. SOC 2 Type II.

Each vendor is selected because they meet or exceed the security posture we'd hold ourselves to as the platform matures. Vendor changes during the Design Partner phase are communicated to partners in advance.

03 · Access Control

Who at E2Active can see your data

Production data access is restricted to Ron Magic Jackson. No external contractors have production access during Phase 1. Engineering access is granted only to named technical partners under written agreement, with audit logging on all production reads.

Cohort partners can request a full access-control review at any time. Email [email protected].

04 · Retention & Deletion

What we keep, what we drop, what you can request

Call audio
Not retained. Processed in-flight by AssemblyAI; not stored on ACTI-BLITZ™ infrastructure.
Transcripts
Active session only, unless Design Partner opts in to extended retention. Default deletion at session end.
State detection vectors
Retained anonymized for system improvement during the cohort phase. No mapping back to call content.
Account & billing
Retained per US tax/financial recordkeeping requirements.
Deletion requests
Honored within 30 days of written request to [email protected]. Anonymized aggregate metrics may remain.

05 · Encryption

How data is protected in transit and at rest

All data transmitted between the client, the ACTI-BLITZ™ application layer, and vendor APIs is encrypted in transit using TLS 1.3. Data at rest in Qdrant and operational databases is encrypted using AES-256. API credentials and secrets are managed in encrypted secret stores, never committed to source.

06 · Compliance Posture

Where we are, where we're going

SOC 2 Type II
Audit prep begins Phase 2. Vendor stack is already SOC 2–aligned. Certification target: within 12 months of GA.
GDPR
Data subject rights honored on request. Formal DPA template available to Design Partners on request.
HIPAA
Not currently HIPAA-targeted. ACTI-BLITZ™ is built for B2B sales conversations, not protected health information.
CCPA
Honored for California residents per applicable state law.

We will not claim certifications we don't hold. As compliance milestones are reached, this page is updated with the date and the auditor.

07 · Incident Response

If something goes wrong

In the event of a security incident affecting Design Partner data, affected partners are notified within 72 hours of incident discovery, with details on scope, remediation, and any actions required on the partner's side. This commitment is in writing in the Design Partner agreement.

08 · Architecture Brief

For deeper diligence

Design Partners — and prospective partners under NDA — receive the full ACTI-BLITZ™ Technical Architecture Brief on request. It covers the complete data-flow diagram, vendor agreements, model selection rationale, infrastructure topology, and the Phase 1 → Phase 2 → Phase 3 security roadmap.

To request the brief: email [email protected] with subject line "Architecture Brief Request." Ron sends a mutual NDA, you countersign, you get the document.

Security Questions

Talk to Ron directly

Anything not answered above — anything you'd ask in a vendor security review — comes straight to the founder. No support queue. No security-theater form. Email goes to Ron's inbox.

[email protected]