Security Architecture (Overview)
The validation infrastructure is segregated into distinct security boundaries: edge ingestion, validation compute, audit storage, and counterparty-facing API. Each boundary enforces strict access control, encryption at rest and in transit, and tamper-evident audit logging.
- AES-256 encryption at rest (in place)
- TLS 1.3 with mutual authentication (mTLS) for all counterparty traffic
- Environment separation: production / staging / research are isolated networks with no shared credentials
- Audit logs retained for the contractual minimum period; tamper-evident hash-chain
- Principle of least privilege; access reviews on a documented cadence
Certification Status
SPORTINDEX discloses certification status truthfully. Logos and completion claims are not displayed prior to formal issuance.
Data Handling Policy
- Collected: counterparty identity, contractual metadata, validation inputs as defined by the master service agreement
- Stored: encrypted at rest; access restricted to named personnel under documented role assignments
- Retained: for the contractual term plus the regulatory minimum, then securely deleted
- Shared: never with third parties outside the agreed sub-processor list; sub-processors are disclosed in the data processing agreement
- Deleted: upon written request and at contract termination, per a documented process
Validation Dashboard (Anonymized Public Sample)
The following is an anonymized public sample of the SPORTINDEX validation dashboard. All numeric values, model fingerprints, and counterparty identifiers are placeholders. Full panels marked [NDA] are disclosed only to verified institutional reviewers under definitive agreements.
![SPORTINDEX Validation Dashboard — anonymized public sample showing model status converged, rolling 90-day time window, confidence band [NDA], audit trail tamper-evident, spectral diagnostic heavy-tail exponent chart within healthy range, data coverage by league, NDA-locked panels for full metrics, and recent audit log events.](/images/validation-dashboard.svg)
NDA Review Process
Counterparties seeking access to validation metrics, full methodology, and model documentation initiate the NDA review through institutional contact channels. The process steps:
- Counterparty qualification (entity type, AUM threshold, regulatory standing)
- Mutual NDA execution covering reviewed materials and disclosure boundaries
- Scoped material release with watermarked artifacts and a defined review period
- Return or attested deletion of materials at the end of the review period
Sample NDA Table of Contents (Public)
The following is a structural illustration of the NDA covering the reviewed materials. The legal text is provided during institutional review only.
- 1. Parties and Definitions
- 2. Confidential Materials Covered
- 3. Permitted Review Scope
- 4. Data and Model Disclosure Boundaries
- 5. Security and Handling Obligations
- 6. Prohibited Use and Redistribution
- 7. Review Period and Return / Deletion
- 8. Contact and Escalation Process
Contact & Escalation
Institutional security, compliance, and due-diligence inquiries are routed through the counterparty access intake. Begin at Investors / Counterparty Access.