// PROTOCOL

Data Sovereignty Protocol

Last Refactored: December 2025

// 01. THE MINIMIZATION MANDATE

FosterUI operates on the principle of Via Negativa (subtraction). This applies to data collection just as it applies to code. I do not collect data "just in case." I collect only the strict minimum operational telemetry required to diagnose technical debt and refactor your architecture.

My business model is based on surgical code intervention, not data monetization. I do not sell, rent, or trade client data.

// 02. ARTIFICIAL INTELLIGENCE GOVERNANCE

STACK: Google Workspace for Business / Gemini Ultra

FosterUI utilizes Large Language Models (LLMs) to augment code analysis and pattern recognition. I utilize Google Workspace for Business, which is covered by a strict enterprise data protection addendum.

  • No Training on Client Data: Your code, proprietary logic, and business metrics are excluded from the public training sets of Google's models.
  • Data Encryption: All interactions with AI infrastructure are encrypted in transit and at rest.
  • Human-in-the-Loop: AI is used for diagnostics (The Audit) and boilerplate generation (The Build). No AI-generated code is deployed to your production environment without human review by the Principal Architect.

// 03. OPERATIONAL STACK & COMPLIANCE

I value radical transparency. Your data flows through the following secure, enterprise-grade processors:

HubSpot (CRM)

Stores contact info and deal stages. SOC 2 Type II Compliant.

Apollo.io (Intelligence)

Used for technographic signal detection (identifying public app stacks). GDPR Compliant.

Shopify Partners

Used for development simulations and collaborator access. Adheres to Shopify Partner Program Agreement.

Loom

Used for asynchronous video audits. Videos are password-protected or link-restricted.

// 04. COLLABORATOR ACCESS PROTOCOL

When FosterUI requests access to your Shopify store, I strictly adhere to a "Least Privilege" security model. I will never request "Full Access."

REQUIRED PERMISSIONS:

  • [x] Themes (Edit/Upload)
  • [x] Manage and install apps
  • [x] Products (Read-Only)

RESTRICTED PERMISSIONS (I DO NOT ACCESS):

  • [ ] Orders (PII)
  • [ ] Customers (PII)
  • [ ] Reports / Financials

// 05. THIRD-PARTY LIABILITY & GHOST CODE

The core service of FosterUI involves the identification and removal of "Ghost Code" (legacy scripts from uninstalled apps).

While FosterUI removes the visible client-side references (Liquid tags, Asset files), I cannot control the behavior of third-party servers that may still be receiving requests. FosterUI assumes no liability for data previously collected by third-party applications installed by the Client prior to engagement.

// 06. DATA SUBJECT RIGHTS

You retain full ownership of your data. Upon request, I will:

  • Export: Provide a complete export of any data I hold about you or your store.
  • Delete: Permanently remove your data from all systems within 30 days of engagement termination.
  • Restrict: Limit processing to specific purposes upon written request.

To exercise these rights, contact: robert@fosterui.com

Questions about data handling?

I operate on radical transparency. Ask me anything.

Contact the Architect