Compliance & Data Handling

• Scope: Non-diagnostic / R&D-supportive by default(Clinical-adjacent uses require specific SOW expansion).

• Data Sovereignty: Work performed in client-owned tenant (Azure/AWS/Private VPC) to ensure data never leaves your control.

• Privacy: No PHI processed unless covered by a specific BAA.

• AI Governance: All prompts, system messages, and parameters are version-controlled with full traceability (Git-style) to support Validation/CSA.

• Deliverables: All IP (code, artifacts, validation docs) is delivered directly into your Quality Management System (SharePoint/Veeva).

• Regulatory: Designed to support your compliance with GxP, 21 CFR Part 11, EU Annex 11, and EU AI Act obligations.