PREAMBLE
This protocol governs the deployment of digital trackers, telemetry, hardware metrics, and cryptographic session-management tools across the Sutherland ecosystem. It is enforced strictly by Sutherland Private Office SAS (Entity A), acting as the Data Controller, in absolute compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR), the European ePrivacy Directive, and the guidelines set forth by the French Commission Nationale de l'Informatique et des Libertés (CNIL) and the European Data Protection Board (EDPB).
1. ZERO-SURVEILLANCE ARCHITECTURE & THE FIDUCIARY PHILOSOPHY
Sutherland prioritizes data sovereignty over commercial convenience. The digital footprint of our clients, their inquiries regarding capital entry points, and their structural tax models remain strictly classified.
We categorically reject the use of invasive third-party tracking pixels (e.g., Meta, Google Ads), behavioral retargeting algorithms, and speculative advertising networks. Our digital perimeter is sealed against cross-site commercial profiling. Sutherland does not participate in the secondary data monetization market, nor do we employ "Pay-or-Consent" (Cookie Wall) monetization models. Access to the Sutherland OS is strictly contingent upon formal KYC clearance, not the exploitation of a client's digital rights.
Furthermore, Sutherland categorically rejects behavioral Browser Fingerprinting (e.g., Canvas or Font fingerprinting) and probabilistic Cross-Device Tracking (Device Stitching). Authentication tokens are strictly device-bound. We do not attempt to covertly aggregate a client's disparate hardware endpoints into a unified behavioral profile. Any hardware metrics collected at the network edge are strictly utilized for cryptographic authentication and the mitigation of Distributed Denial of Service (DDoS) attacks, and are immediately hashed without the possibility of reverse decryption.
2. STRICTLY NECESSARY INFRASTRUCTURE, LOCAL STORAGE & CRYPTOGRAPHIC CACHING
The structural integrity of the Sutherland OS and the broader platform relies exclusively on strictly necessary operational trackers. Under Article 82 of the French Data Protection Act (Loi Informatique et Libertés), this encompasses traditional HTTP cookies, HTML5 Local Storage, Session Storage, and Cryptographic Key Caching mechanisms. These are deployed solely to:
Maintain encrypted session security during client navigation.
Facilitate secure authentication into the XXXXXXX (country)-hosted Sutherland Virtual Data Room (VDR).
Execute Forensic Access Logging: generating immutable audit trails (timestamp, IP, and identity token) for the access and disclosure of highly classified tax models and forensic due diligence, constituting a strict legal prerequisite for multi-million euro transaction validation.
Execute the necessary cryptographic handshakes with our global Edge Delivery Protocol (QUIC.cloud) and our primary European routing infrastructure (MechanicWeb).
Mitigate automated cyber-threats and execute Anti-DDoS load balancing via Zero-Tracking Cryptographic Proof-of-Work protocols. Sutherland categorically prohibits the deployment of commercial CAPTCHA services (e.g., Google reCAPTCHA) that extract personal data or deploy tracking cookies.
Web3 & Proof of Funds Caching: To facilitate the verification of digital assets as mandated by our AML & KYC Protocol, Local Storage may temporarily cache Web3 session states and Public Keys. Sutherland explicitly does not request, read, or cache Private Keys or mnemonic seed phrases under any circumstances.
Client-Side Fiduciary Duty: While Sutherland mathematically guarantees data integrity during transit and on sovereign servers via End-to-End Encryption (E2EE) and Zero-Knowledge architectures, the physical and digital integrity of the client's local hardware remains the exclusive fiduciary responsibility of the User. Sutherland assumes no liability for the compromise of localized session tokens or Local Storage caches resulting from client-end malware, compromised networks, or zero-day vulnerabilities affecting the client's localized operating system.
Cryptographic Subdomain Compartmentalization: To technically enforce the "Chinese Wall" separating Sutherland Private Office SAS (Entity A) from the regulated brokerage operations of Sutherland International Realty SAS (Entity B), all session tokens and Local Storage caches are strictly compartmentalized at the subdomain level. Authentication tokens for the secure VDR environment are cryptographically isolated and cannot be queried, read, or intercepted by scripts operating within the public brokerage domain.
Tracker Lifecycle & Remote Invalidation (Kill Switch): All session-management and cryptographic authentication tokens are strictly ephemeral. They are mathematically destroyed on the client’s local hardware immediately upon the termination of the secure session (browser closure). In the event of client-side hardware compromise, authorized Family Office representatives may initiate a global "Kill Switch" protocol via our Data Protection Officer, which instantaneously invalidates all active cryptographic session tokens across all devices.
3. THE CNIL EXEMPTION DIRECTIVE, TELEMETRY & AI PROHIBITION
In strict accordance with Article 82 of the French Data Protection Act and the current CNIL deliberations regarding digital trackers, Sutherland’s operational architecture is legally exempt from prior user consent mechanisms (the standard "cookie banner").
We utilize strictly first-party, non-intrusive analytical telemetry solely to monitor server load, algorithmic latency, and structural network performance. This telemetry is mathematically anonymized at the network edge and processed exclusively internally by Sutherland Private Office SAS.
Explicit AI/LLM Training Prohibition: Sutherland enforces an absolute, legally binding prohibition on the secondary use of client data. No structural telemetry, session logs, metadata, or behavioral navigation patterns generated within this ecosystem will ever be utilized, ingested, or licensed for the training of generative Artificial Intelligence (AI) or Large Language Models (LLMs), whether internal or external.
Data Retention Limits: Pursuant to CNIL Deliberations No. 2020-091 and 2020-092, the lifespan of first-party analytical trackers deployed on a client's device is strictly capped at thirteen (13) months. All aggregated, anonymized structural data is permanently purged from our sovereign servers after a maximum period of twenty-five (25) months.
4. THIRD-PARTY SOVEREIGNTY FIREWALL, ZERO EMBEDS & SCHREMS II COMPLIANCE
Absolute data isolation is maintained across the ecosystem. No third-party analytics providers, external real estate agencies, or unauthorized governmental bodies have access to the session data generated within this platform.
Zero Third-Party Embeds: To prevent backdoor cookie injection by Big Tech entities, Sutherland maintains a strict "Zero Third-Party Iframe" policy. All multimedia content, Private Inspection video tours, 3D asset models, and cartographic data are hosted exclusively on our sovereign first-party infrastructure (XXXXXXXXXX (provider)/MechanicWeb). We categorically prohibit the embedding of external media players (e.g., YouTube, Vimeo) or third-party mapping services.
Given our deployment of a global Edge Delivery Protocol (QUIC.cloud), telemetry or encrypted data packets originating from clients outside the European Economic Area (e.g., USA, UAE) may transit through international edge nodes. Pursuant to the binding jurisprudence of the Court of Justice of the European Union (CJEU - Schrems II), Sutherland relies not only on Standard Contractual Clauses (SCCs) but deploys strict Supplementary Measures. The CDN routes exclusively encrypted packets. The asymmetric decryption keys remain permanently isolated within our XXXXXXXX (country) sovereign perimeter (XXXXXXX provider). Consequently, any extraterritorial data interception — including demands executed under the US CLOUD Act or FISA — is rendered mathematically useless and legally void.
5. USER SOVEREIGNTY, GPC & BROWSER-LEVEL CONTROL
While Sutherland operates under the CNIL consent exemption due to our zero-surveillance framework, users maintain ultimate sovereignty over their local hardware. The Sutherland gateway infrastructure natively recognizes and unconditionally respects Global Privacy Control (GPC) cryptographic signals and "Do Not Track" (DNT) browser headers.
Clients may configure their browser parameters to automatically reject all network trackers. However, blocking strictly necessary authentication tokens will permanently sever access to the Sutherland VDR and prevent the authorization of any Private Inspection or asset allocation.
6. COMPLIANCE ENDPOINT
Inquiries regarding our cryptographic protocols, edge delivery telemetry, or data sovereignty architecture must be directed to our designated Data Protection Officer at: dpo@sutherlandam.com.