Privacy Policy

We retain your data only as long as necessary for the purposes outlined in this policy, unless a longer retention period is required by law.

Personal Information:

• Email address: Used for account verification, communication, and service updates. For Medi Pass users, the email address is irreversibly hashed (using industry-standard algorithms like scrypt or pbkdf2 via Werkzeug security) for secure storage. For Store Clients, it may be stored encrypted (using symmetric encryption like AES via the Fernet library).
• First and last name: Used to personalize your experience and verify your identity.
• Date of birth (DOB): Used to confirm eligibility for age-restricted services.
• Phone number: Used for account recovery and two-factor authentication.
• State: User's state, collected during registration to ensure compliance with state-specific regulations.
• Do Not Sell Preference: User's choice regarding the sale/sharing of personal information in compliance with privacy laws.
• Notification Preference: User's choice to unsubscribe from non-essential email notifications.
• Medical Recommendation Details & Documents/Images: Used solely to validate eligibility for Medi+ services. These documents and images are stored encrypted on our servers (or optionally within your linked Google Drive folder).
• Membership details (e.g., plan type)
• Store information (for registered store clients: store name, representative, location)
• Pass creation data for Samsung Wallet / Apple Wallet (where applicable)
• QR code information for Medi Pass and other ID passes
• Device ID (for store clients): Used during login to help secure your account against unauthorized access from different devices.
• Google Profile Information (name, email, profile picture): Collected during Google OAuth for authentication and account management purposes.

For Medi Pass users, details such as Name, Date of Birth, Phone Number, Provider Name, Patient ID, and Expiration Date are stored encrypted within user-specific data files hosted on our secure servers (or optionally within your linked Google Drive folder).

Technical Information:

• IP addresses: Used to detect and prevent fraud, ensure security, and improve service performance.
• Browser and device information: Used to optimize the app for your device and troubleshoot issues.
• Cookie data
• Usage statistics
• Authentication tokens (including JSON Web Tokens, a.k.a. JWTs): Used to securely manage your login sessions.
• Allowed file types for uploads: png, jpg, jpeg, gif, txt
• System and server logs (Flask logs, IP addresses, user agent details)
• Session Data & Token Identifiers: We utilize Redis (an in-memory data store hosted within our secure Google Cloud Platform environment) to manage user login sessions, JWT blacklist entries, device identifiers for session validation, and the validity of authentication tokens (JWTs).
• Administrative Logs (Edit History): Records of changes made to user or store data by authorized administrators are maintained for auditing and security purposes. These logs are stored encrypted in a file (data/edit_history.json).
• Browser Local Storage: We may use your browser's local storage to store certain identifiers (like a unique device ID for Medi+ session security) or user preferences (like notification settings caching for Medi Pass users) directly on your device. This data persists even after the browser is closed but is not typically sent to the server unless needed for specific functionality.

3.1 Data Storage Locations

We utilize Google Cloud Platform services for data storage and processing. Your information may be processed and stored in various locations globally, including:

• United States (Primary)
• European Union
• Asia Pacific Region

Additionally, user-generated files and images may be stored in Google Drive when you authorize our application to link with your Google account. We adhere to Google's security and compliance standards for such integrations. Users can view and manage the files uploaded to Google Drive by our application via the standard Google Drive interface. All files are stored in the dedicated application folder, accessible only by the app and the authenticated user.

3.2 Transfer Safeguards

We implement the following safeguards for international data transfers:

• Standard Contractual Clauses (SCCs)
• Data Processing Agreements (DPAs)
• End-to-end encryption for data in transit
• Regular audits of data protection measures

We rely on the robust data protection measures implemented by our infrastructure providers, such as Google Cloud Platform, which include Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs), to safeguard data during international transfers.

4.1 Core Service Providers

We partner with trusted third-party providers to deliver Medi+ services. These providers include:

• Google Cloud Platform: For secure data storage and processing.
• SendGrid: For sending email communications.
• Google Drive: For optional storage of user-uploaded documents.
• Stripe: For secure payment processing and subscription management.

Each provider is carefully selected and contractually bound to protect your data. For a full list of providers and their roles, see the table below.

4.2 Service Provider Compliance

• All providers maintain SOC 2 Type II certification (or equivalent)
• Regular security assessments and audits
• Contractual data protection obligations
• Data processing agreements in place

4.3 Google API Services & Data Usage

When you use our Google integrations, we adhere to Google's API Services User Data Policy. Our use of Google API Services is strictly limited to:

When you connect your Google account to Medi+, we adhere to Google's API Services User Data Policy and use OAuth to securely access specific data with your permission. Here's how it works:

• Specific Drive Files Access/OAuth Consent Screen:
  During login, you'll see a consent screen that clearly outlines the data Medi+ will access. We only access specific Google Drive files that you explicitly authorize solely for storing your medical recommendation documents. We use the following OAuth scopes:
  • https://www.googleapis.com/auth/drive.file: This restricted scope limits our access to only files and folders created by our application or specifically selected by you.
  • https://www.googleapis.com/auth/userinfo.email: Allows access to your email for authentication purposes.
  • https://www.googleapis.com/auth/userinfo.profile: Provides basic profile information for account management.
  • openid: Used for secure authentication.
  The limited drive.file scope ensures that we do not have access to your entire Google Drive, only the specific files you share with our application.
• User Profile Information:
  We collect basic profile information (email and profile data) solely for authentication and account management purposes.
• Limited Use Requirements:
  In accordance with Google API Services User Data Policy, we:
  • Only use Google user data to provide or improve user-facing features that are prominent in our interface
  • Never sell Google user data
  • Never use or transfer Google user data for advertising purposes
  • Never mislead users about our identity or misrepresent our access to Google user data
  • Only transfer Google user data to others if necessary to provide or improve features, comply with applicable laws, or as part of a merger/acquisition (with user consent)
• Data Retention & Deletion:
  
  • We retain Google user data only for as long as necessary to provide our services
  • Upon receiving a deletion request, we will remove all Google user data within 30 days
  • Some data may be retained in encrypted backups for up to 60 days for disaster recovery purposes
• Security Measures:
  
  • All Google user data is encrypted in transit and at rest
  • Access to Google user data is strictly limited to authorized personnel
  • We maintain logs of all access to Google user data for security purposes
• Adherence to Google's Policies:
  Medi+ strictly complies with Google's Limited Use Requirements, which mandate that:
  • We only use your data to provide or improve Medi+ features.
  • We do not use your data for unauthorized advertising or any other unauthorized purposes.
  • We do not transfer your data to third parties except as necessary to provide services (e.g., cloud storage) or as required by law.
  • We retain your data only as long as necessary and delete it promptly upon your request or when no longer needed.

You can revoke our access to your Google data at any time by:

1. Visiting your Google Account Permissions
2. Selecting the appropriate app from the list
3. Clicking "Remove Access"

For more information, please review the Google API Services User Data Policy.

4.4 Additional Data Sharing Scenarios

Beyond our core service providers, we may share your data in the following limited circumstances:

• Legal Obligations: We may disclose your data if required by law, such as in response to a valid court order, subpoena, or government request. We will only share the minimum data necessary to comply with such requests.
• User-Consented Sharing: With your explicit consent, we may share your data and trend data with other service providers or partners.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity. We will notify you of any such transfer and ensure your data remains protected under similar standards.
• Protection of Rights: We may share data to protect our rights, safety, or property, or that of our users or others, such as in cases of fraud or security threats.

In all cases, we ensure that any data sharing is conducted under strict data protection standards and in compliance with applicable laws.

5.1 Technical Security Measures

• Encryption:
  
  • Strong symmetric encryption for data at rest (utilizing industry-standard libraries like Fernet, based on AES)
  • TLS 1.3 for data in transit
  • Encrypted backup storage
  • Encryption of QR codes, .pkpass files (Apple Wallet), and .wpk files (Samsung Wallet)
  • OAuth access and refresh tokens are stored encrypted at rest
• Access Controls:
  
  • Multi-factor authentication (MFA)
  • Role-based access control (RBAC)
  • Least privilege principle
• Network Security:
  
  • Web application firewall (WAF)
  • DDoS protection
  • Regular penetration testing
• HTTP Security Headers:
  
  • Strict-Transport-Security (HSTS)
  • Content-Security-Policy (CSP)
  • X-Content-Type-Options, X-Frame-Options, etc.
• Reverse Proxy & HTTPS Enforcement:
  
  • All traffic is served via HTTPS, forcing secure connections (TLS/SSL) at the server level.
  • Requests pass through an Nginx reverse proxy, which adds security headers and logs all requests.
  • Automatic redirects from HTTP to HTTPS to ensure encrypted communication.
• API Rate Limiting:
  
  • Default limits of 10000 requests per day and 1000 requests per hour per IP address.
  • Certain endpoints have additional per-minute restrictions (e.g., 3 to 5 requests per minute) to further mitigate brute-force attempts, DDoS attacks, and other malicious activities.
  • Configurations are reviewed periodically to balance performance and security.

5.2 Organizational Security Measures

• Employee Training:
  
  • Annual security awareness training
  • HIPAA compliance training
  • Data protection best practices
• Security Policies:
  
  • Incident response procedures
  • Change management policies
  • Access review processes

6.1 HIPAA Compliance

We are not a HIPAA-covered entity because we do not meet the definition of:

• A healthcare provider transmitting health information electronically
• A health plan
• A healthcare clearinghouse

Nevertheless, we strive to implement HIPAA-grade security measures to protect sensitive information and maintain the trust of our clients and users. Our safeguards include:

• Encryption of All Medical Data:
  Ensuring that all medical information is encrypted both in transit and at rest using industry-standard encryption protocols.
• Secure Access Controls:
  Employing multi-factor authentication, role-based access permissions, and other secure access controls to restrict unauthorized access to sensitive data.
• Comprehensive Audit Logging:
  Maintaining detailed audit logs for all access and modifications to medical and administrative data to enable accountability and transparency.
• Regular Security Assessments:
  Conducting routine security risk assessments and implementing necessary updates to address potential vulnerabilities and ensure compliance with applicable data protection standards.

6.2 Special Category Data Protection

• Restricted access to authorized personnel only
• Additional authentication for medical data access

6.3 State Medical Marijuana Program Compliance

We recognize and respect that different states in the United States have specific laws and regulations governing the possession, distribution, and use of medical marijuana. In order to remain compliant with these state programs, we:

• Verify the authenticity of medical marijuana recommendations based on each state's regulatory framework.
• Maintain updated knowledge of state-specific rules regarding the collection, handling, and storage of medical marijuana information.
• Prohibit unauthorized access to or disclosure of patient data that is collected in connection with these programs.
• Implement policies and procedures to address state inspection requests, audits, and compliance reviews.

6.4 Additional Details About Recommendation Processing and Storage

Our platform facilitates the submission and processing of medical marijuana recommendations from authorized healthcare providers. Here is how we manage these recommendations:

• Document Verification: Recommendations are checked for legitimacy and validity based on the information provided by the issuing provider and applicable state regulations.
• Secure Storage: Valid recommendations are encrypted and stored in secure, access-controlled databases to ensure confidentiality and compliance with relevant regulations.
• Expiration Tracking: Recommendation records include expiry dates, after which we notify users (where legally allowed) or remove expired data from active use to maintain compliance with retention rules.
• Restricted Access: Only authorized users (e.g., the patient, legitimate store or service providers, and designated staff) may view recommendation details, in accordance with applicable state privacy laws.

6.5 Scope of Medical Data

While we handle medical marijuana recommendations, we do not store or transmit detailed medical conditions or diagnoses. The information we process is limited to data necessary for verifying the validity of the recommendation itself (e.g., issuing provider details, expiration date, and patient ID). By design, we do not collect or maintain comprehensive patient health records or diagnostic information.

7.1 Types of Cookies Used

7.2 Cookie Control

We use cookies that are essential to the security and functionality of our services, including user authentication and session management. These cookies are strictly necessary, and the service cannot function without them.

If you do not wish to accept essential cookies, you will not be able to use our services. By continuing to use our platform, you acknowledge the use of these strictly necessary cookies. For other optional cookies (e.g., analytics or preferences), you may manage your browser settings or use our consent tool to opt out if desired.

7.3 Additional Cookie Clarifications

• JWT Cookies (Medi+, Medi Pass, Admin):
  We use JSON Web Tokens (JWTs) stored in session cookies for each application segment. These cookies validate user identity and session status.
  • Medi+ and Medi Pass: Ensure that patients and store clients access their respective dashboards securely.
  • Admin: Single authorization only (no refresh tokens), locked to a single authorized Google account for enhanced security and to prevent unauthorized access.
• CSRF Cookies:
  For certain requests (e.g., form submissions or data changes), CSRF tokens are set and validated to mitigate cross-site request forgery. These tokens are stored in separate security cookies and must match the tokens in request headers for the request to succeed.
• Single Google Account Restriction (Admin):
  For enhanced security, only one preauthorized Google account is allowed to authenticate in the Admin and portal. This ensures that unauthorized individuals cannot manage user registrations or access administrative tools.

7.4 Local Storage

In addition to cookies, we may utilize your browser's local storage mechanism. This allows us to store certain data directly on your device, which can persist even after you close your browser. We use local storage for:

• Storing a unique device identifier for Medi+ users to enhance session security.
• Caching user preferences, such as notification settings for Medi Pass users, to improve user experience.

Data stored in local storage is generally not sent to our servers unless required for specific features and is subject to the same security principles as other data we handle. You can typically clear local storage through your browser's settings.

8.1 Your Rights

• Right to Access:
  
  • Request copies of your personal data
  • Verification required within 30 days
• Right to Rectification:
  
  • Correct inaccurate information
  • Complete incomplete information
• Right to Erasure:
  
  • Request data deletion
  • Subject to legal retention requirements
  • Processed within 30 days
• Right to Restrict Processing:
  
  • Limit how we use your data
  • Maintain but not process data
  • Temporary or permanent restrictions
• Right to Data Portability:
  
  • Receive data in structured format
  • Transfer data to another provider
  • Direct transfer where technically feasible
• Right to Object:
  
  • Object to processing for specific purposes
  • Object to direct marketing
  • Object to automated decision-making

8.2 Exercise Your Rights

• How to Submit a Request:
  Submit your request via email to support@synap.cloud.
• Provide Verification Information:
  To protect your data and comply with legal requirements, we will need to verify your identity. You may be asked to provide information such as:
  • Your full name
  • Email address associated with your account
  • Additional verification details (e.g., proof of authorization if acting as an authorized agent)
• Specify the Right Being Exercised:
  Clearly indicate the specific right(s) from subsection 8.1 you wish to exercise.
• Processing Time:
  We will respond to verifiable requests within 30 days of receipt. If additional time is required, we will notify you of the extension and explain the delay.
• Authorized Agents:
  If you are submitting a request on behalf of another person, please provide proof of authorization, such as a signed permission letter or valid power of attorney.
• Limitations:
  Certain rights may be subject to limitations or exemptions as allowed by law. We may retain data to comply with legal obligations, resolve disputes, or enforce agreements.
• Additional Assistance:
  If you have questions about your rights or need assistance, please contact us at support@synap.cloud.

8.3 Data Deletion Requests from Patients

• Requesting Deletion of Medical Data:
  Patients may request the complete or partial deletion of their medical recommendation information by contacting us at support@synap.cloud and providing the necessary identifying details.
• Verification and Authorization:
  We will verify that the request comes from the patient (or an authorized agent). If additional documents or proof of identity are required, we will contact you for further information.
• Retention Exceptions:
  While we strive to honor all patient requests, certain data may be retained if required by state or federal law, regulatory obligations, or for legal compliance (e.g., audit logs).
• Removal from Active Systems:
  Upon verified requests, we will securely remove the patient's recommendation data from active systems and update backups as per our data retention policies.
• Confirmation:
  Patients will receive a confirmation once their data has been deleted or anonymized, along with any relevant explanation of partial deletions that are legally mandated to be retained.

9.1 Notification Timeline

In the event of a data breach that compromises the security of personal or sensitive information, we are committed to taking swift and transparent action in compliance with applicable laws, including the California Consumer Privacy Act (CCPA) and California Civil Code Section 1798.82.

• Affected Users:
  We will notify affected individuals as soon as reasonably possible, but no later than 72 hours after discovering the breach, unless otherwise required or delayed by law enforcement requests.
• Authorities:
  Where applicable, we will notify relevant authorities, such as the California Attorney General, within the required timeframe if the breach affects more than 500 California residents.
• Regular Updates:
  Ongoing updates will be provided to affected users during the investigation process to ensure transparency and keep them informed of any significant developments.

9.2 Notification Content

In the event of a data breach, affected individuals will be notified promptly with a clear and comprehensive explanation of the following:

• Nature of the Breach:
  A concise description of what happened, including the type of incident (e.g., unauthorized access, ransomware attack, or data leak) and when it was discovered.
• Categories of Data Affected:
  Specific details about the types of personal or sensitive data exposed (e.g., names, email addresses, medical records, or financial information).
• Approximate Number of Individuals Affected:
  An estimate of the number of people impacted by the breach to help contextualize the scope of the incident.
• Likely Consequences:
  An outline of the potential risks or impacts on individuals, such as identity theft, fraud, or other adverse outcomes.
• Measures Taken or Proposed:
  Actions we have taken or plan to take to contain and address the breach, such as shutting down unauthorized access, enhancing security, or conducting audits.
• Contact Point for More Information:
  Details on how affected individuals can reach us for support. This point of contact can be found in Section 1 of this privacy policy.
• Recommendations for Affected Individuals:
  Practical steps for users to protect themselves, such as resetting passwords or placing fraud alerts on accounts.

By providing clear and actionable information, we aim to minimize potential harm and empower affected individuals to respond effectively to the breach.

10.1 Age Restrictions

Our services are designed for use by individuals who are at least 18 years old. We are committed to protecting the privacy of children in compliance with the Children's Online Privacy Protection Act (COPPA) and applicable laws. Specifically, we comply with the following guidelines:

• No Collection of Data from Minors:
  We do not knowingly collect, use, or disclose personal information from individuals under the age of 18. If we discover that a minor has provided us with personal information, we will take immediate steps to delete such data.
• No Targeted Content or Marketing:
  We do not target our services, content, or marketing efforts toward children under 18 years of age.
• Restricted Account Creation:
  Account registration and access to our services are strictly limited to users who confirm they are at least 18 years old during the signup process.
• Parental Guidance and Reporting:
  If you believe we have inadvertently collected information from a minor, please contact us immediately at support@synap.cloud so we can investigate and take appropriate action, including data deletion.

10.2 Verification and Deletion

If we discover that we have inadvertently collected information from a minor, we will take swift and decisive action to protect their privacy and ensure compliance with COPPA and other applicable laws:

• Immediate Data Deletion:
  All personal information collected from the minor will be securely deleted from our systems to prevent further use or disclosure.
• Parental Notification (When Possible):
  We will make reasonable efforts to notify the parent or legal guardian, informing them of the situation and the actions we have taken.
• Account Termination:
  If the minor has created an account, we will immediately deactivate and delete the account to ensure no further interactions occur.
• Prevention of Future Collection:
  We will review our systems, processes, and controls to prevent any future data collection from minors, including updates to verification methods and safeguards.

We enforce rate limits for API requests, currently set by default to 10000 requests per day and 1000 requests per hour per IP address. Additionally, certain endpoints may enforce stricter limits (e.g., 3 to 5 requests per minute) to protect sensitive actions such as logins or administrative tasks.

These rate limits help ensure overall service stability and protect against malicious activities, including brute-force attempts and denial-of-service attacks. Limits may be updated periodically based on performance requirements and evolving security needs.

12.1 CalOPPA Compliance

In accordance with the California Online Privacy Protection Act (CalOPPA), we are committed to maintaining transparency and user rights. To ensure compliance, we:

• Allow Anonymous Website Visits:
  Users can access certain areas of our website without being required to create an account or provide personal information, supporting privacy-conscious browsing.
• Provide Conspicuous Privacy Policy Access:
  Our Privacy Policy is prominently displayed and accessible from our website's homepage or any relevant page, ensuring users can easily review our data practices.
• Notify Users of Privacy Policy Changes:
  We provide timely updates to users whenever there are significant changes to our Privacy Policy, ensuring transparency about how personal information is collected, used, and shared.
• Allow Personal Information Updates:
  Users can review and update their personal information to ensure accuracy and relevance, fostering greater control over their data.
• Disclose Tracking Practices:
  We clearly outline our practices regarding cookies and other tracking technologies, including what is collected and how it is used, enabling users to make informed decisions about their data.

12.2 CCPA (CPRA) Compliance

In compliance with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), we ensure the following rights for California residents:

• Right to Delete Personal Information:
  You may request the deletion of your personal information, subject to certain exceptions (e.g., when data is necessary for legal or operational purposes).
• Right to Opt-Out of Information Sales:
  You can opt out of the sale or sharing of your personal information with third parties for business purposes, and we provide a "Do Not Sell or Share My Personal Information" link on our website to facilitate this.
• Right to Non-Discrimination for Exercising Rights:
  You will not be denied services, charged different prices, or subjected to discrimination for exercising your privacy rights under the CCPA/CPRA.
• Annual Disclosure of Data Sharing Practices:
  We provide an annual report summarizing our data collection, sharing, and processing practices to ensure transparency and compliance with California regulations.
• Right to Know What Personal Information is Collected:
  You have the right to request detailed information about the personal data we collect, use, disclose, and share, including the categories of information and specific data collected about you.

By upholding these rights, we empower California residents with greater control over their personal information while fostering trust and transparency in our services.

12.3 Additional Compliance Measures

To ensure robust adherence to privacy and data protection regulations, we implement the following measures:

• Regular Compliance Audits:
  We conduct routine internal and external audits to verify that our privacy practices meet or exceed regulatory requirements and industry standards.
• Staff Training on Privacy Regulations:
  All relevant employees receive comprehensive training on privacy laws and data protection practices, ensuring they understand their responsibilities and the importance of safeguarding user information.
• Documentation of Compliance Procedures:
  We maintain detailed records of our compliance policies, procedures, and actions to demonstrate adherence to applicable laws and to facilitate accountability.
• Updates for New Regulations:
  Our team actively monitors changes in privacy laws and regulations, ensuring our policies and practices are updated promptly to remain in full compliance.

These measures underscore our commitment to maintaining the highest standards of privacy and regulatory compliance across all aspects of our operations.

12.4 State-Specific Privacy Rights Regarding Medical Marijuana Information

In addition to federal and California-specific laws, we recognize that states may enact unique privacy protections for individuals who participate in medical marijuana programs. To address these requirements, we:

• Honor Program-Specific Requests:
  If your state's medical marijuana program grants you additional rights (e.g., extended record confidentiality or expedited data removal), you may contact us at support@synap.cloud to exercise those rights.
• Comply with Legal Obligations:
  In states with mandated reporting or data-handling obligations, we implement necessary procedures to remain compliant with local requirements.
• State Privacy Law Updates:
  We routinely monitor updates in state-level legislation that impact medical marijuana data handling and will modify our practices and this Privacy Policy to align with any new or revised requirements.
• Contact for More Information:
  If you have questions about how your state's laws protect your medical marijuana information, please reach out to us so we can clarify or direct you to the relevant statutes.

13.1 Update Process

To ensure our policies remain up-to-date and transparent, we adhere to the following update procedures:

• Regular Policy Reviews:
  We conduct periodic reviews of our Privacy Policy to ensure it reflects current practices, regulatory requirements, and technological advancements.
• User Notification of Material Changes:
  When significant updates are made, we inform users by clearly highlighting the changes within the Privacy Policy and on our website.
• 30-Day Notice for Significant Changes:
  For major updates that impact user rights or data handling practices, we provide at least 30 days' notice to allow users time to review and understand the changes.
• Email Notifications to Registered Users:
  Registered users will periodically receive email updates summarizing key changes to ensure they are informed even if they do not visit our website.

We also ensure that our OAuth consent screen reflects the contents of this Privacy Policy, including:

• The exact same policy URL
• Description of scopes used (e.g., drive.file)
• Contact email (support@synap.cloud)
• Logo and branding matching our platform

These measures help users make informed choices when authorizing our services.

13.2 Version Control

We maintain thorough records of all Privacy Policy updates to ensure transparency and accountability.

• Specify Version Date Requested:
  To help us locate the correct document, users must specify the exact version date or time frame they are requesting.
• Archive Maintained for 5 Years:
  We securely store an archive of all Privacy Policy versions for a minimum of five years to ensure compliance with legal and regulatory requirements.
• Previous Versions Available Upon Request:
  Users can request access to earlier versions of our Privacy Policy to review changes and understand past practices.
• Email support@synap.cloud for Access:
  Requests for previous versions can be made by contacting our support team, ensuring a straightforward and reliable process.

These version control measures ensure transparency in our practices and allow users to access historical records as needed.