How JourneyOS handles client data.

How JourneyOS handles your data: three non-negotiable principles.

Your data is not training data for JourneyOS models

Client data is processed per engagement. JourneyOS does not aggregate data across clients and does not train models on client data. The customer-types and behavioral inferences ship back to you and stay there.

No cross-client aggregation

Each pilot is siloed. There is no cross-client data pool, no cross-client insight transfer, and no benchmark layer built from another client's data.

Client-owned outputs

You keep everything JourneyOS generates: the customer-type definitions, the simulation runs, the intervention recommendations, and the supporting evidence. JourneyOS does not retain rights over client outputs after deletion.

What JourneyOS sees during a pilot.

JourneyOS reads anonymized voice-of-customer artifacts (reviews, NPS verbatims, support tickets), funnel event data (the steps your funnel surfaces in your analytics), and optionally a sample of customer attributes if you choose to share them. Personally identifying information is never required.

Customer IDs are hashed by default. The method does not need a real customer identifier to function. The customer-type inference works on the behavioral signal in the artifacts, not on identity.

Where JourneyOS stores your data and how it is encrypted.

Storage location

Pilot data is processed inside JourneyOS-controlled infrastructure with strict per-pilot isolation. Where a client engagement requires client-environment processing, JourneyOS configures that under the data processing agreement signed before any data exchange.

Encryption at rest

AES-256 for all client data persisted during a pilot. Encryption keys rotate per pilot.

Encryption in transit

TLS 1.2 or higher for all data exchange between client systems and JourneyOS.

Retention policy

Default retention is pilot duration plus 30 days. Custom retention is set in the per-pilot data processing agreement.

Deletion on client request

Deletion is guaranteed within 30 days of a written client request. JourneyOS returns a deletion certificate that names the dataset, the deletion date, and the personnel who confirmed it.

What JourneyOS is NOT: a CDP, an enrichment service, a marketing tool.

JourneyOS sits next to your existing analytics, CDP, and marketing stack as a diagnostic layer. The boundaries below are deliberate, and they shape what JourneyOS will and will not do during a pilot.

JourneyOS is not a CDP

JourneyOS does not aggregate user profiles across data sources, does not build customer 360 records, and does not maintain identity graphs. JourneyOS reads existing customer voice and funnel events; the CDP layer stays your CDP.

JourneyOS is not an enrichment service

JourneyOS does not append third-party data, does not buy data from data brokers, and does not call external identity-resolution APIs. The only third-party inputs are public behavioral research findings used for calibration.

JourneyOS is not a marketing tool

JourneyOS does not send campaigns, does not store marketing lists, and does not push messages to your customers. JourneyOS generates the diagnostic; your existing marketing or product stack ships the intervention.

JourneyOS's roadmap for SOC 2 and certifications.

JourneyOS is not SOC 2 certified. SOC 2 readiness is on the roadmap. ISO 27001 is also on the roadmap. Both timelines accelerate as the pilot pipeline matures and the first enterprise client requires them.

For the current state of either certification, contact the founder.