Draft for internal review only — not legal advice. This document is a working draft based on the EquestrianIQ Pre-Launch Policy Pack (v0.1) and must be reviewed by qualified counsel before launch.
Purpose
This policy restricts EquestrianIQ staff and contractors from accessing user records except where required for support, security, legal compliance, billing, user-authorised assistance or product operations.
Rules
- Production access is limited to approved roles and protected by multi-factor authentication.
- Staff must not access user documents out of curiosity or for personal reasons.
- Support access to a user record requires a documented support ticket or user request, unless needed for security or legal reasons.
- Access to sensitive records is logged and periodically reviewed.
- Staff complete privacy and security training before receiving access.
- Staff and contractors sign confidentiality obligations.
- Access is removed promptly when staff change roles or leave.
Break-glass access
Emergency administrative access is limited to named senior roles, logged, justified and reviewed after use.