Privacy Policy

Last updated: April 15, 2026

This Privacy Policy describes how Hardseal (developed by A.I. Shovels LLC) handles data and privacy for both our website and our CMMC compliance evidence engine product.

Privacy-First Architecture: Hardseal is designed as an offline-first, air-gapped compliance tool. The product itself collects zero user data, stores nothing in the cloud, and transmits nothing to Hardseal or any third party. This is core to how the product works.

Website (hardseal.ai)

Information We Collect

The Hardseal website may collect minimal, non-personal information:

Standard web analytics (page views, referrer data)
Contact form submissions when you voluntarily provide your email or other information
Server logs (IP addresses, user agent strings) for security and performance

How We Use This Information

To understand how visitors use the site
To respond to your inquiries
To improve the website experience
To prevent abuse and maintain site security

Cookies

The Hardseal website uses minimal, functional cookies only. We do not use tracking cookies, advertising cookies, or any non-essential cookies. Functional cookies may include session management and basic preference storage.

Third-Party Services

The website may use standard third-party analytics services to measure traffic and usage. These services operate under their own privacy policies. We do not share personal information with advertisers or data brokers.

Hardseal Product (Compliance Evidence Engine)

Zero Data Collection

This is the core privacy feature of Hardseal. The product is offline-first and air-gapped. It does not:

Transmit system evidence, compliance data, or any information to Hardseal servers
Phone home or send telemetry
Connect to cloud services for evidence processing
Require internet connectivity to operate
Collect or track usage patterns
Store any information remotely

Local Evidence Collection

Hardseal collects system evidence entirely on your local machine. All evidence:

Is generated locally using Python compliance evidence collectors
Remains on your systems under your full control
Is never transmitted off-site
Can be encrypted using your own tools if desired
Is available for export only to local files or systems you control

Cryptographic Signing

Hardseal supports Ed25519 cryptographic signing for OSCAL evidence. All keys are:

Generated locally on your system
Stored locally under your control
Never transmitted to Hardseal or any third party
Never held in escrow or stored remotely

Third-Party Services (Product)

The Hardseal product uses zero third-party services. The engine operates entirely with standard Python libraries and open-source dependencies that run locally on your system.

OSCAL Exports

When you export compliance evidence as OSCAL or other formats, the export is:

Created as a local file on your system
Under your complete control for distribution, sharing, or storage
Not transmitted or logged by Hardseal

Data Retention

Hardseal (Company) Data

Hardseal (A.I. Shovels LLC) does not retain any customer compliance data, system evidence, or exported OSCAL files. Any data you voluntarily submit via email or contact forms will be retained only to respond to your inquiry, unless you request deletion.

Your Evidence

All compliance evidence and system data collected by the Hardseal product remains exclusively on your systems. You determine retention, deletion, and lifecycle management of this data.

Data Breach Notification

A.I. Shovels LLC maintains procedures to detect, investigate, and respond to any unauthorized access to or disclosure of personal information in accordance with the Florida Information Protection Act (Fla. Stat. § 501.171) and other applicable breach notification laws.

In the event that A.I. Shovels LLC determines that a breach of security has occurred involving personal information we hold (such as contact information you have voluntarily provided via email or our website), we will:

Notify affected Florida residents as expeditiously as practicable, but no later than 30 days after determination of the breach or reason to believe a breach occurred
Provide written notice to the Florida Attorney General's office if the breach affects 500 or more individuals
Include in any notification: a description of the incident, the categories of information involved, and contact information for further inquiries
For non-Florida residents, comply with applicable state breach notification laws in your jurisdiction

Product Note: Because the Hardseal product operates offline and collects zero data, a data breach of the product itself is architecturally impossible from our side. This breach notification section applies to any personal information you voluntarily provide to A.I. Shovels LLC through email, our website, or support channels.

Security

A.I. Shovels LLC implements security measures aligned with industry best practices:

The Hardseal product is designed to operate in air-gapped, disconnected environments for maximum security
All compliance evidence processing happens locally under your control
Website communications are protected via HTTPS/TLS encryption
Email communications via Google Workspace with DKIM authentication and encryption in transit
We do not store payment credentials, access tokens, or sensitive authentication data
We recommend customers follow NIST SP 800-171 security practices for managing evidence outputs

Controlled Unclassified Information (CUI)

Hardseal is designed to operate in environments that process CUI. However, A.I. Shovels LLC does not receive, process, store, or transmit CUI at any point. The product runs entirely on your systems, and all evidence (including any CUI-adjacent data) remains under your exclusive control.

You are solely responsible for ensuring that any CUI within your environment is handled in accordance with NIST SP 800-171, DFARS 252.204-7012, 32 CFR Part 2002, and your organization's CUI handling procedures. Hardseal does not access, extract, or transmit CUI data to any external system.

International Data Transfers

A.I. Shovels LLC is based in the United States (Florida). Since the Hardseal product is offline-first and collects no cloud data, international privacy regulations (GDPR, CCPA, etc.) are not applicable to the product itself. All compliance evidence remains on your systems in your jurisdiction.

For information you voluntarily provide to us (e.g., via email or website contact): if you are located outside the United States, your information may be transferred to and processed in the United States. By providing such information, you consent to this transfer. We process all data in accordance with applicable U.S. privacy laws.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The date at the top of this page indicates when the policy was last updated. Continued use of Hardseal following changes constitutes your acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or how Hardseal handles data, please contact us:

Email: rico@hardseal.ai

Company: A.I. Shovels LLC

Product: Hardseal — CMMC Compliance Evidence Engine

Summary

Hardseal's privacy advantage is straightforward: the product is offline-first, collects no data, and transmits nothing. All compliance evidence stays on your systems. You maintain complete control. The website uses minimal analytics and functional cookies. We never sell, share, or misuse customer data.