The things that do not happen by design.

Every operating claim Mechanus IQ produces (a leakage finding, a gate decision, an SOP attestation, a RIA submission row) gets a content-addressable SHA-256 hash and is anchored to an RFC 3161 trusted timestamp and a Hyperledger Fabric private channel with per-tenant or per-consortium isolation. Underlying records remain in encrypted Canadian-residency storage off-chain. Only the commit hashes ride the chain.

The architectural consequence: a reviewing party can verify that a finding existed at a specific moment in time without ever seeing the underlying operating data. PIPEDA right-to-erasure is satisfied because the source record, not the hash, is the personal-data carrier. ADR-009 binds: no VINs, no PII, no operational identifiers leave the encrypted operating store.

Source: governance/amendments/2026-05-07-evidence-architecture-dual-rail.md, sections 4.1 and 5. Constitution Article V-2.

Under both chain rails sits an immediate court-admissible attestation in Canadian jurisdiction: an RFC 3161 timestamp token issued by a recognized Trusted Service Authority (DigiCert or Entrust, per open question OQ-2026-013). Every evidence write receives a TSA token. Any third party can verify the token against the issuing CA without ever touching Mechanus IQ infrastructure.

The cadence is hourly issuance for evidence batches, independent of chain commit. The TSA token is the layer counsel can rely on inside a Canadian proceeding even if the chain rails are unavailable, slow, or unfamiliar to a court.

Source: governance/amendments/2026-05-07-evidence-architecture-dual-rail.md, section 4.2. Open question OQ-2026-013 (vendor finalists).

Mechanus IQ does not receive customer personal information. The CSV templates a dealer exports to us exclude customer names, addresses, phone numbers, email addresses, and social-insurance numbers. The analyzers operate on operational data only: dollar amounts, dates, categorical codes, counts and ratios, and operational identifiers such as stock number, deal number, and repair-order number.

The mechanism is architectural, not contractual. A signed promise can be violated. A column that does not exist in the template cannot be transmitted. Mechanus IQ ingestion validates the columns before any row is admitted. Customer-PII columns are rejected, not redacted.

The blast radius of a Mechanus IQ breach for dealer customers is zero. The dealer keeps the customer file. We keep the operations.

Source: Constitution Article I-4 (PII Non-Retention). CSV templates published per pillar in the pilot runbook.

For any flow that processes free-form text (contract extraction, ingested PDFs), Mechanus IQ runs a two-stage redactor before any AWS Bedrock call. Stage one is AWS Comprehend DetectPiiEntities. Stage two is a custom regex list for SIN, phone in multi-format, and license plate with context word. Operational identifiers (stock number, deal number, repair-order number) are explicitly preserved.

The audit-grade contract is asserted on the literal request body sent to AWS, not on a wrapper representation. Production tests pin that the on-wire Bedrock body does not contain source-PII bytes, does contain the redaction marker, and retains the operational identifiers. A failing test blocks the deploy.

Every invocation produces a paired ai_invocation_event and pii_redaction_event row. The hash of the redacted text on the second row equals the input hash on the first. An auditor reading either row can prove the other existed at the moment of the call.

Source: governance/amendments/2026-05-13-ai-evidence-primitives.md, section 6. Production redactor at platform/backend/app/services/ai/pii_redactor.py. Test contract at tests/services/ai/test_extractor.py::test_extract_with_pii_redacts_before_bedrock.

Employees identified in dealer operations (sales advisor, F&I producer, service advisor, manager) are referenced inside Mechanus IQ only by a dealership-assigned personnel code. Employee names do not enter the system at any layer. The dealer maintains the code-to-name mapping outside our environment.

The control is enforced at the analyzer boundary, not just at the import boundary. Tests sweep all four production analyzers (CIT, F&I, Financial Structure, Service and Warranty) for name-leak into the canonical payload, and into every downstream consumer including ManagerScorecard, ManagerHierarchicalScore, and AffinityResult. A consumer-side leak fails the same gate as an analyzer-side leak.

The practical result for a dealer principal: an internal-affairs anomaly report can be reviewed by counsel without identifying employees, then de-anonymized inside the dealership for the disciplinary step.

Source: Constitution Article I-4. Regression contract at tests/test_analyzer_pii_regression.py.

Mechanus IQ does not run third-party analytics on the public website or inside the product. Absent vendors: Google Analytics, Google Tag Manager, Meta Pixel, Hotjar, Microsoft Clarity, Plausible, Fathom, Mixpanel, Amplitude, Segment, PostHog, session replay, heatmapping, behavioural advertising, fingerprinting libraries. The website does not phone home to a third party. No tracking cookies. No vendor pixels.

Local development tooling enforces the same posture: HF_HUB_DISABLE_TELEMETRY=1, HF_HUB_OFFLINE=1, DO_NOT_TRACK=1 are required defaults. Telemetry-emitting SDKs are not added without explicit founder sign-off.

Privacy is a sales weapon. A dealership group cannot let its operating data be co-mingled with a vendor analytics stack. The dealer customers we never receive cannot be tracked by a vendor we never integrated.

Source: Constitution Article I-1 and the operating contract section “Privacy and Telemetry (Zero Tolerance).” Privacy policy at /privacy.

Mechanus IQ does not train, fine-tune, or use client operating data to improve any artificial-intelligence or machine-learning model. The rule is an Article I-6 constitutional invariant. It appears in every client agreement as an express prohibition. It applies to models we host, models we call through AWS Bedrock, and any model used by a downstream service provider.

Production models are trained on synthetic data and public benchmarks. Inference is the only operation that touches client data, and the inference call is audit-anchored. The pii_redaction_event evidence primitive creates a per-call row proving no customer PII reached the model. A reviewing party can replay the chain and verify that the redaction occurred before the inference call, not after.

Source: Constitution Article I-6. Ratified as an evidence primitive in governance/amendments/2026-05-13-ai-evidence-primitives.md (Constitution v1.7 candidate row).

Operational monitoring runs inside our own infrastructure. Grafana handles metrics and dashboards. Sentry handles application errors. Both are deployed inside AWS ca-central-1. Neither phones a third-party SaaS analytics vendor. Error payloads, performance traces, and dashboard data never cross the Canadian border.

Self-hosted monitoring is more work to operate than SaaS. We accept that overhead because the alternative is the dealer's operating data being inspected by whichever SaaS observability vendor we picked. That trade is not available to us.

Source: Constitution Article I-1 (data residency). Operating contract “Privacy and Telemetry (Zero Tolerance)” section.

The audit-grade test pins the literal on-wire request to AWS Bedrock. If a deploy is observed in which a source-PII byte string reaches that body, the failure is a Constitution Article I-4 and Article I-6 violation. The disclosure obligation runs to every dealer whose pipeline ran during the affected window. The chain anchors created during the window are flagged in the evidence vault. The Bedrock invocation rows are exhibits.

The Fabric channel is peer-resident inside AWS ca-central-1. The RFC 3161 TSA is a commercial Canadian-jurisdiction service. If an attestation is observed in which the issuing node or TSA is outside Canada, the failure is a Constitution Article I-1 violation. The associated finding hashes are re-anchored from a compliant node and the original anchor is retained as evidence of the failure window.

The website and product ship with zero third-party analytics. A merged change that introduces a vendor pixel, a session-recording library, an analytics SDK, or any beacon to a third-party host is a Constitution Article I-1 and operating-contract violation. The change is reverted, the deploy window is identified, the affected visitors or operators are notified, and the engineering control that allowed the merge is audited.

The personnel-code regression contract sweeps four analyzers and three downstream consumers. A finding that contains an employee name in a canonical field is a contract failure. The finding is rolled back from the chain, the analyzer or consumer that produced the leak is patched, and the regression test is extended to cover the specific path before any new finding is anchored.

No model in our infrastructure or in any downstream provider is to be trained, fine-tuned, or evaluated on client operating data. If such a training run is observed, the failure is a Constitution Article I-6 violation and a breach of the standard client agreement. The model is decommissioned, every dealer that contributed inference data during the affected window is notified, and the downstream provider relationship is terminated where the provider is the cause.