What this system sees
of your organization.
When an organization submits a declaration through Threshold, the system receives the contents of that declaration: the stated purpose, the chain of handling, the named relying parties, and the declared settlement terms. This information is necessary for the clearing evaluation to run.
Declarations are records. Once submitted, they are retained as part of the cleared engagement record. They cannot be recalled, amended retroactively, or removed. This is by design, because the integrity of the system depends on declarations being permanent and verifiable.
The system does not retain information about who submitted a declaration beyond what is necessary to process and record the engagement. IP addresses and request metadata are not stored at the application layer. Standard infrastructure logs may exist at the hosting level, as described below.
The system does not build profiles of organizations. It does not track behavior across sessions. It does not sell or share organizational data with third parties.
Organizations should understand that declarations submitted through Threshold describe what they intend to do with personal digital information. That description is the basis of the cleared record.
The declared record exists to be verified. It is not a confidential document held only by the organization. It is a statement of intent that the system evaluates and records. People whose data is involved may have visibility into what was declared about its use. That is the point.
This site is hosted on Railway and served through Cloudflare. Standard server log data, including IP addresses and request metadata, is collected by these providers as part of normal hosting and network infrastructure. This is governed by Railway's Privacy Policy and Cloudflare's Privacy Policy.
The system applies reasonable safeguards to the organizational data it holds, appropriate to the nature of that data and the scale of the operation. Access to stored declaration records is limited to what operating and enforcing the system requires.
If a data breach affecting organizational data occurs, it is addressed as required by applicable law, including any notification owed to affected parties. No system can guarantee absolute security. The commitment here is reasonable protection and lawful response, not a guarantee against all risk.
Questions about this policy: contact@publicdigitaldomain.org