Data Sovereignty Framework

Your family's data is your most sensitive asset.
We govern it.

Data privacy and data security are not features of the Kaldroa Sprint. They are its architecture. Every deliverable — the Clean Room, the Digital Silhouette, the IPP Framework, the G3 Tech Keys — exists to ensure that your family's operational data remains sovereign, governed, and exclusively yours.

93%

of family offices using or interested in AI have no governance framework

Goldman Sachs 2025

7%

of family office operating costs spent on IT and technology

UBS 2025 — massively underspent

86%

lack clear succession plans for key decision makers

JPMorgan 2026

The Threat

Your CIO is probably using ChatGPT with your portfolio data right now. You just don't know it.

Shadow AI — staff using personal AI accounts to process sensitive family data — is the number one data sovereignty risk in family offices today. It is invisible, unaudited, and almost universally present. It is not a technology problem. It is a governance problem.

Shadow AI

Staff process sensitive data through personal ChatGPT, Gemini, or Copilot accounts. That data may be retained, used for model training, or exposed in a breach. Most principals have no visibility into this.

Fragmented Systems

Six or more disconnected platforms, none with unified access control, audit logging, or data classification. When something goes wrong, there is no trail and no containment.

Key-Person Dependency

The CIO holds the master password list. The Operations Manager knows every custodian login. When either departs — planned or otherwise — the family loses access to its own data.

The Framework

Four layers of data sovereignty.
Built in 90 days.

Every Kaldroa Sprint delivers the same four-layer data sovereignty framework — regardless of the family office's size, structure, or current technology stack.

01

Digital Silhouette

Phase 1 — Days 1–30

You cannot protect what you cannot see.

We map every data exposure point across your family office — custodian portals, advisory platforms, personal devices, cloud storage, and shadow AI tools. The result is a complete Digital Silhouette: your full attack surface, documented and risk-rated before a single remediation is made.

Complete inventory of all systems touching family data
Shadow AI audit — identifying unauthorised AI tool usage
Key-person dependency mapping — who holds what knowledge
Digital exposure risk rating per system and data type
DMARC, SPF, DKIM status across all family office domains
02

Sovereign AI Clean Room

Phase 3 — Day 90 Delivery

Private AI. Zero retention. Full governance.

The Clean Room is a private, audited AI environment where every interaction with family data is governed, logged, and contained. No data enters shared models. No prompts are retained. No family information leaks into third-party training sets.

Data classification policy — what can and cannot be processed by AI
Zero-retention API configuration — no data persists beyond the session
Private deployment on a sovereign subdomain (client-owned)
IPP 5-Gate compliance framework on every AI interaction
Quarterly AI governance review under the MOAR retainer
03

IPP 5-Gate Framework

Active from Day 31

Five gates every AI interaction must pass.

Every AI interaction in the family office is governed by a five-stage compliance framework before it touches sensitive data. The IPP Framework is operational from Day 31 and forms the backbone of the Sovereign AI Clean Room.

Gate 1 — Verify: is the requestor authorised to access this data class?
Gate 2 — Validate: does the request comply with the data classification policy?
Gate 3 — Encrypt: is data encrypted in transit and at rest?
Gate 4 — Sovereign: is processing occurring within the governed environment?
Gate 5 — Audit: is every interaction logged with full provenance?
04

G3 Tech Keys

Phase 3 — Day 90 Handover

No single point of failure. Ever.

The G3 Tech Keys protocol eliminates the single greatest data security risk in any family office: key-person dependency. When the CIO leaves, retires, or is incapacitated, system access does not die with them.

G3 Tech Key Register sealed across four categories: Platform, Recovery, AI, Succession
2-of-3 recovery authorisation — no single individual holds all access
Dry-run recovery test before Day 90 handover
Succession timeline embedded in the Family Constitution
Annual rotation review under the MOAR retainer

The Guarantee

Data sovereignty is a contract,
not a claim.

Everything below is written into the engagement agreement before work begins. Not aspirational. Contractual.

You own your data

Throughout the engagement and after it ends, all family data remains yours. Kaldroa holds no copies, retains no access, and stores no family information beyond what is operationally necessary during the Sprint.

You own the infrastructure

The KaldroaBus, the Clean Room deployment, and every piece of code we build is handed over to you on Day 90. Source code included. No vendor lock-in. No dependency on Kaldroa to operate it.

NDA before we speak

Every Sovereignty Session is preceded by a mutual NDA. Your identity, your family's structure, and everything discussed is strictly confidential. We have never named a client. We never will.

FCA-regulated founder

Stephen Mistretta holds CF1, CF4, CF10, CF11, CF21, CF27, and CF30 qualifications. FCA Reference: SJM01337. Advisory-only. Fiduciary duty explicitly scoped in a separate legal document.

The Clean Room

The answer to every AI data privacy question your board will ever ask.

The Sovereign AI Clean Room is a private, governed AI environment deployed on infrastructure the family owns. No data enters shared models. No prompts are retained. Every interaction is logged with full provenance. The family's CIO can use AI to analyse the portfolio — without the portfolio data leaving the family's control.

Data retention

Zero — beyond the session

Deployment

Private — client-owned subdomain

AI training

None — family data excluded

The First Step

Find out what your data exposure actually looks like.

The 15-question Health Check assesses your data governance, shadow AI exposure, key-person dependency, and technology maturity. Anonymous. 5 minutes. Instant results.

Anonymous by design. No account. No data retained. NDA before we speak.