Platform-Specific Data Handling Procedures
Document 15 of the Board Governance Binder
← Governance Binder › Technology & Data Governance
Platform-Specific Data Handling Procedures
Document 15 REFERENCE
Required per Data Governance & Cybersecurity Policy, Section VII. Identifies data types, classifications, and handling rules for each Pet Command platform.
Data Classification Reference
| CLASSIFICATION | DEFINITION |
|---|---|
| Public | Information intentionally available to the general public. |
| Internal | Corporation operations data not for public release. |
| Confidential | Sensitive information requiring protection (donor records, personnel, financial, Board deliberations). |
| Restricted | Highest protection (veterinary records, PII, geolocation, credentials). |
MAYDAY
Purpose: Lost/found pet reporting, emergency alerts, community search coordination.
| DATA TYPE | CLASSIFICATION | HANDLING REQUIREMENTS |
|---|---|---|
| Pet report details | Public (when published) | Published to search. Retained permanently in Ledger. |
| Reporter contact info | Confidential | Encrypted at rest. Disclosed only to verified responders. |
| GPS / geolocation data | Restricted | Encrypted. Access limited to case participants. Retained case duration + 7 years. |
| Guardian Network volunteer data | Confidential | Encrypted. Access limited to MAYDAY coordinators. |
| Support Companion chatbot interactions | Restricted | May contain crisis indicators. Encrypted. Restricted access. |
ShelterOS
Purpose: Shelter/rescue management, intake, adoption, transfer, outcome tracking.
| DATA TYPE | CLASSIFICATION | HANDLING REQUIREMENTS |
|---|---|---|
| Animal intake records | Internal | Retained permanently. Portions may be public for adoption listings. |
| Adopter / foster personal info | Confidential | Encrypted. Access limited to shelter staff. 7-year retention. |
| Medical records | Restricted | Encrypted. Access limited to authorized shelter and vet staff. |
| Genesis Generator naming data | Internal | ML-generated names. No PII involved. |
| Staff and volunteer records | Confidential | Personnel records. 7 years after separation. |
LifeLog
Purpose: Lifetime pet health records, guardian designation, emergency preparedness.
| DATA TYPE | CLASSIFICATION | HANDLING REQUIREMENTS |
|---|---|---|
| Pet health records | Restricted | Encrypted. Owner-controlled access. Vet-ready export maintains integrity. |
| Guardian personal information | Confidential | Encrypted. Shared only with designated caregivers and vets. |
| Microchip registry data | Restricted | Critical ID data. Encrypted. Authentication required. |
| Custody chain / guardian designations | Restricted | Legal significance. Append-only per Canon. |
| Pet Cost Ledger / insurance data | Confidential | Financial info. Encrypted. Owner-controlled sharing. |
| Voice-to-Log audio recordings | Restricted | Audio encrypted at rest. Transcriptions as Ledger events. |
VetOS
Purpose: Veterinary practice management, clinical records, imaging, billing, compliance.
| DATA TYPE | CLASSIFICATION | HANDLING REQUIREMENTS |
|---|---|---|
| Patient medical records | Restricted | Encrypted. Subject to state vet practice act retention. |
| Client personal / financial info | Restricted | PII and financial. Encrypted. PCI compliance for payments. |
| Diagnostic imaging (DICOM) | Restricted | Encrypted. Retained per vet record requirements. |
| Controlled substance / Rx logs | Restricted | DEA-regulated. Encrypted. Licensed vet access only. Audit trail. |
| Billing and insurance claims | Confidential | Financial records. Encrypted. 7-year retention. |
| Staff credentialing / licensing | Confidential | Verified and retained per Identity + Credentialing spec. |
Guardians
Purpose: Volunteer management, training certification, field deployment.
| DATA TYPE | CLASSIFICATION | HANDLING REQUIREMENTS |
|---|---|---|
| Volunteer personal info | Confidential | Encrypted. Access limited to program coordinators. |
| Training/certification records | Internal | Retained for service duration + 7 years. |
| Background check results | Restricted | Highly sensitive. Encrypted. Restricted access. EEOC guidelines. |
| Field deployment / location data | Confidential | Not retained beyond operational need unless part of case. |
ACO-Mobile
Purpose: Animal control field operations, MAYDAY report management, municipal coordination.
| DATA TYPE | CLASSIFICATION | HANDLING REQUIREMENTS |
|---|---|---|
| Officer activity and case logs | Internal | Retained per municipal and state records requirements. |
| Citizen complaint data | Confidential | Reporter info protected. Subject to public records exceptions. |
| GPS / field location data | Confidential | Officer location during ops. Retained for case documentation only. |
| Municipal integration data | Internal | Shared per interoperability agreements. |
SYSOP
Purpose: System-level supervisory control, cross-platform administration.
| DATA TYPE | CLASSIFICATION | HANDLING REQUIREMENTS |
|---|---|---|
| Admin user accounts / credentials | Restricted | Encrypted. MFA required. Access logged and auditable. |
| System configuration / policy rules | Internal | Change history as append-only events per Canon. |
| Cross-platform audit logs | Confidential | Retained permanently. Append-only. |
| Tenant / organization management | Confidential | Multi-tenant isolation per Canon Tenancy doctrine. |
Cross-Platform Rules
- All platforms route canonical data through Pet-Command-Bridge to Ledger.
- All platforms enforce dual-time doctrine (occurredAt + ingestedAt/recordedAt).
- All platforms use UUIDv4 or equivalent offline-safe identifiers.
- All platforms log actions with correlationId and causationId.
- All platforms encrypt data in transit (TLS 1.2+) and at rest.
- No platform sells, shares, or monetizes user data. Ever.
Annual Review
Reviewed annually by CEO. Updated when platforms are added or data handling materially changes.