Privacy Policy

Transaction Science, Inc. operates CommunicationOS. This policy describes how we handle the message, voice, video, mesh, and remote-desktop traffic that flows through the platform.

1. Scope of Data Handled

CommunicationOS routes the customer's communications: SMS bodies, email payloads, push notification contents, chat messages, voice and video media frames, SIP signaling, federation queries, mesh-routed packets, remote-desktop pixel and audio streams. We are a processor of this content on behalf of the customer; the customer is the controller.

2. Tenant Isolation

Every customer operates in its own tenant with tenant-scoped keys, storage, and indices. Federation between tenants is opt-in and signed end-to-end via JWP ReceiptPayloads. Cross-tenant data access is not possible without explicit federation configured by the customer.

3. End-to-End Encryption

All managed surfaces are encrypted in transit (TLS 1.3, JWP). For E2E messaging surfaces, MLS (RFC 9420) is enabled by default once the customer's directory of recipients is configured. Post-quantum (SPQR-class) ratchets are on the 2026 H2 roadmap and offered to regulated customers as a private preview.

4. Receipts & Audit Logs

Every comms event ships a JWP ReceiptPayload — total joules, channel, signer, timestamp. Receipts archive into the customer's compliance evidence locker; raw payloads do not, unless explicitly configured. Receipts contain no message bodies.

5. Retention

Default content retention is 30 days for messages and media frames; default receipt retention is 7 years. Customers may configure retention per surface to meet jurisdiction-specific requirements (HIPAA, GDPR, MiCA, FINRA WORM).

6. Data Residency

Region selectable at tenant creation: US, EU, UK, APAC, sovereign on-prem. No cross-region replication without explicit configuration.

7. Contact

Privacy inquiries: [email protected]