Scope
Use public policy pages for the service model, not for contract-specific promises.
These policy pages describe the current VeridataOps service model and shared-responsibility boundary for public website, hosted-service, and customer-facing review flows.
They do not replace signed customer terms, DPAs, SCCs, deployment-specific security commitments, or customer legal advice.
Published Documents
Minimum required public policy set.
Internal Boundary
Keep these artifacts out of the public pages.
| Artifact | Why it still exists | Publication class |
|---|---|---|
| Signed terms, DPA, SCCs, or transfer addenda | Contractual allocation of legal obligations and processing instructions. | Contract only |
| Internal retention, deletion, legal-hold, and backup procedures | Operator execution and deployment evidence vary by package and environment. | Internal only |
| Incident response SOPs and breach-escalation runbooks | Operations need them, but they are not raw public policy text. | Internal only |
| Deployment-specific supplier approvals and region records | Needed for scoped audit packets and procurement review. | Customer packet / internal evidence |
Next Step
Use the live public surface as the review artifact.
When a customer or reviewer needs product-safe wording, point them at these URLs on veridataops.com and then attach deployment-specific evidence separately.