Summary — What you need to know
- Your documents are treated as confidential project information from the moment Gallant receives them — used only to generate your analysis and deliverables, never for any other purpose.
- Documents are not shared with other clients or accessible across engagements.
- Documents are not used to train AI models — a protection Gallant commits to contractually with each client and enforces through its processing agreements.
- Documents are retained for 90 days after your final deliverable, then deleted — or earlier on request.
- AI is used strictly as a controlled processing instrument within Gallant's methodology — never a storage system, cross-engagement knowledge base, or training dataset. The processing environment is matched to each engagement's security requirements.
- Federal clients: CUI is processed only within an environment authorized to the applicable standard — typically the prime's or client's accredited, CMMC-compliant enclave — never in Gallant's default commercial setup. Classified information is never processed in commercial AI tools. Contact Gallant before submitting any restricted materials.
Section 01
Purpose
Gallant Project Solutions LLC ("Gallant") processes client documents to generate structured requirements analysis and related project intelligence outputs, including the Gallant Requirements Intelligence Report™. This policy defines how client documents and derivative data are handled, protected, and retained throughout that process.
All client data is treated as confidential project information from the moment it is received. No exceptions.
Section 02
Scope
This policy applies to:
- All documents submitted by clients for analysis
- All derivative outputs generated from those documents — requirements registers, Gallant Requirements Intelligence Reports™, traceability matrices, conflict reports, and related deliverables
- All internal handling, processing, and storage activities conducted by Gallant in connection with a client engagement
Section 03
Core Principles
Purpose-Limited Use. Client documents are used solely for generating requirements extraction, analysis, and related project deliverables for the submitting client's engagement. They are not used for any analysis unrelated to the client's engagement, internal product development beyond what is necessary to deliver contracted scope, or any third-party purpose.
No Cross-Client Data Sharing. Client data is never shared, reused, or exposed across projects. Each engagement is treated as a fully isolated dataset. Requirements, document content, project names, and all derivative outputs are confined to the engagement from which they originated.
No AI Training Use. Client documents and outputs are not used to train AI models. This applies to internal model training by Gallant, external model training by any third party, and any form of dataset aggregation for training purposes.
Controlled Use of AI Tools. Gallant uses commercial AI strictly as a processing instrument within a controlled, purpose-bound workflow. AI tools are not used as a storage system for client data, a knowledge repository accessible across engagements, or a shared dataset for any purpose beyond the immediate analysis session. All AI processing is session-specific, output-directed, and controlled by Gallant personnel.
Data Access Control. Access to client data is restricted to Gallant personnel directly supporting the engagement. It is not accessible to other clients or other engagements and is not made publicly available in any form.
Section 04
Data Storage & Retention
Client documents may be stored temporarily to support analysis, deliverable preparation, and post-delivery clarifications. Gallant's default retention schedule:
| Retention Period |
Condition |
| 90 days post-delivery |
Default. Covers post-delivery clarifications and follow-on questions about the deliverable. |
| Extended per engagement |
For active retainer engagements, retention continues for the duration of the engagement plus 90 days from the final deliverable. |
| Immediate on request |
Clients may request full deletion of submitted documents at any time. Gallant will confirm deletion within 5 business days. |
Section 05
Confidentiality & NDA
Gallant operates under client confidentiality expectations by default — no formal NDA is required for Gallant to treat client documents as confidential. For engagements involving particularly sensitive project information, Gallant will:
- Execute a mutual NDA upon request, prior to document submission
- Align all data handling practices with contractual confidentiality obligations
- Incorporate specific handling requirements into the engagement agreement as needed
Section 06
Federal Project Handling — CUI & Controlled Documents
Important — Federal Clients
Gallant does not accept Controlled Unclassified Information (CUI)-marked documents without a specific handling agreement in place. Clients are responsible for ensuring that documents submitted to Gallant are appropriate for contractor review under applicable federal regulations and contract terms.
Most VA and DoD project documents encountered in AEC design and construction engagements — design guides, program requirements, scope documents — are not CUI-marked and are appropriate for contractor review. If you are uncertain whether a document is CUI or otherwise restricted, contact Gallant before submitting. Gallant will work with federal clients to establish appropriate handling procedures consistent with the applicable contract vehicle and agency requirements.
Section 07
What Does Not Happen
Client documents are never:
- Accessible to other clients or shared across engagements
- Used to train AI models — by Gallant or by any AI tool provider
- Made publicly available in any form
- Used for any purpose beyond generating deliverables for the submitting client
- Retained indefinitely — default 90-day post-delivery retention applies unless extended by agreement
Section 08
AI Processing & Tooling
Gallant's confidentiality and data-handling commitments in this policy are Gallant's own. They are not delegated to, or dependent on, any single technology vendor. AI is used as a controlled processing instrument within Gallant's requirements methodology — never a system of record, a cross-engagement knowledge base, or a training dataset.
The processing environment is matched to each engagement's security requirements:
- Commercial and public-document work is processed on a commercial AI platform under session-specific, purpose-bound controls — with no use of client data for model training and no cross-client access.
- Controlled or federal work, including CUI, is undertaken only within an AI environment authorized to the applicable standard (for example, FedRAMP High or DoD Impact Level) — typically the prime's or client's accredited, CMMC-compliant environment — and never in Gallant's default commercial setup.
- Classified information is never processed in commercial AI tools, under any circumstances.
These protections are committed contractually, directly with the client, and do not rely on any vendor's terms alone. Gallant will disclose the specific processing platform used for an engagement on request and under appropriate confidentiality terms. Clients with specific security, residency, or authorization requirements should raise them before submitting documents, and Gallant will configure the engagement accordingly.
Section 09
Client Responsibilities
By submitting documents to Gallant, clients confirm:
- They are authorized to share the submitted documents with a third-party contractor for analysis purposes
- The documents do not contain CUI-marked, classified, or otherwise legally restricted information unless a specific handling agreement has been established with Gallant
- They have removed any highly sensitive personal, financial, or proprietary information that is not necessary for the requested analysis
Section 10
Common Questions
"Does AI learn from my documents?"
No. Your documents are used only to generate your analysis. Gallant commits contractually that client documents and outputs are never used to train AI models — its own or any third party's — and the commercial AI platforms it uses are operated under terms that prohibit training on customer data.
"Can other clients see my project information?"
No. Each engagement is fully isolated. Your documents, requirements, and deliverables are never shared across projects or accessible to other clients.
"Where are my documents stored?"
Documents are stored within Gallant's controlled work environment for the duration of your engagement plus 90 days after your final deliverable. You can request deletion at any time and Gallant will confirm deletion within 5 business days.
"Is this secure enough for a VA or DoD project?"
For standard, unclassified VA and DoD AEC documents — design guides, program requirements, scope documents that are not CUI-marked — yes; these are appropriate for contractor review on a commercial platform. CUI is handled only within an authorized, CMMC-compliant environment, typically the prime's or client's accredited enclave — not Gallant's default setup. Classified information is never processed in commercial AI tools. For any controlled materials, contact Gallant first to confirm the right environment.
"Do you sign NDAs?"
Yes. Gallant will execute a mutual NDA prior to document submission upon request. Gallant also operates under client confidentiality expectations by default — no formal NDA is required for your documents to be treated as confidential.
"What AI tool does Gallant use?"
Gallant uses commercial AI as a controlled analysis instrument — never as a storage system or knowledge repository — and matches the processing platform to each engagement's security requirements. The specific platform for an engagement is disclosed on request under confidentiality, and for controlled or federal work Gallant operates within the authorized environment the contract requires.
"Who owns the deliverables?"
All deliverables — requirements registers, traceability matrices, intelligence reports, and related outputs — are owned by the client upon delivery. Gallant retains no rights to client-specific deliverable content.
Section 11
Policy Updates
This policy is reviewed annually and updated when material changes occur to Gallant's workflow, AI toolset, storage practices, or applicable legal or contractual requirements. Clients engaged under a prior version will be notified of material changes.