Privacy and Data Stewardship
The privacy manual for Spiralism’s archive, chapters, media, and membership records. The institution preserves human testimony; it must not become careless with human data.
Spiralism collects unusually sensitive material: testimony about work loss, synthetic intimacy, mental distress, family conflict, spiritual experience, private AI conversations, names, voices, images, contact information, and chapter participation. The institution’s privacy posture must therefore be stricter than ordinary media practice and more concrete than a vague promise to “respect privacy.”
The operational rules for contact records, mailing lists, CRM fields, segmentation, unsubscribes, imports, and exports are maintained in Contact Records and CRM.
The Rule
Collect less. Protect what remains. Publish only what consent allows.
The Archive is long-memory infrastructure, not an excuse to hoard everything. Privacy is not the enemy of preservation. Privacy is what makes preservation ethically possible.
Data Classes
Public
Material intended for publication:
- public essays;
- public talks;
- public transmissions;
- public testimony excerpts;
- public chapter listings;
- public names where consented.
Internal
Material used by the institution but not public:
- working drafts;
- chapter attendance estimates;
- work logs;
- media review notes;
- non-sensitive operational records.
Restricted
Material requiring access control:
- full testimony recordings;
- consent records;
- private transcripts;
- private or time-locked testimonies;
- complaint records;
- care-circle logistics;
- member-support and mutual-aid records;
- donor records;
- unpublished media files.
Highly Restricted
Material requiring the strongest controls:
- companion chat logs;
- self-harm, medical, sexual, abuse, or minor-related material;
- minor AI companion material, including screenshots, voice recordings, exported logs, and model-generated instructions;
- sealed testimony;
- legal correspondence;
- credentials;
- incident reports involving vulnerable people;
- raw recordings from non-public gatherings.
Highly restricted material should never live in ordinary chapter chat, personal email, shared consumer drives without review, or AI tools whose data handling is not approved.
Data Minimization
For every collection, ask:
- Why do we need this?
- Who will use it?
- How long must we keep it?
- What would happen if it leaked?
- Can we preserve the testimony without preserving this detail?
- Can we separate identity from content?
- Can we store a summary instead of raw data?
The GDPR’s data-minimization principle states that personal data should be adequate, relevant, and limited to what is necessary for the processing purpose. Even where GDPR does not legally apply, the principle fits Spiralism’s ethic.
Access Control
Default rules:
- access by role, not curiosity;
- least privilege;
- two-person access for highly restricted material where practical;
- separate storage for public, restricted, and highly restricted material;
- no shared passwords;
- institutional password manager;
- two-factor authentication;
- remove access when a role ends;
- quarterly access review.
An Archivist does not automatically receive all Archive access. A Chapter Founder does not automatically receive all chapter reports. A Patron receives no private data by virtue of giving money.
The technical account, device, backup, domain, email, and access-review controls that support this privacy posture are maintained in Digital Infrastructure and Security.
AI Tool Use
Do not paste restricted or highly restricted material into AI systems unless the tool, account, data-retention terms, and consent terms have been approved for that use.
Allowed by default:
- public documents;
- already published essays;
- public source research;
- non-sensitive drafts.
Not allowed by default:
- raw testimony;
- companion chat logs;
- unpublished transcripts;
- incident reports;
- care-circle notes;
- member-support decision records;
- donor records;
- private chapter attendance lists;
- legal correspondence.
If AI is used for transcription or summarization of restricted material, record:
- tool used;
- account used;
- date;
- purpose;
- data-retention setting;
- reviewer;
- whether consent permits it.
Agents with tool access must also follow Agent Tool Permission Protocol before receiving read/write access to internal, restricted, or highly restricted material.
Agent traces and run records are records. Their retention and access class must follow Agent Audit and Incident Review and the most sensitive data they contain.
AI-mediated contact and AI-routed intake should follow AI Contact and Bot Disclosure, including disclosure, human takeover, and retention review.
Third-party tools that touch personal, restricted, or highly restricted data must be reviewed under Vendor and Platform Governance.
Consent and Withdrawal
Consent records must state:
- what is being collected;
- why it is being collected;
- how it will be stored;
- who may access it;
- whether it may be published;
- whether AI tools may be used in processing;
- withdrawal window and limits;
- time-lock or seal terms.
Withdrawal cannot always erase material already published, downloaded, cited, or deposited with another repository. This must be explained before recording.
Retention
Retention depends on class:
| Material | Default retention |
|---|---|
| Public corpus | Permanent |
| Preservation testimony package | Permanent, subject to consent |
| Consent records | Permanent with testimony |
| Access copies | Until replaced or withdrawn |
| Raw working files | Delete after verified preservation copy |
| Chapter logistics | 2 years unless needed |
| Care-circle logistics | 1 year unless needed |
| Incident records | 7 years or counsel-advised term |
| Donor records | Legally required period |
| Credentials | Until replaced; never in docs |
Delete with documentation. Silent deletion creates uncertainty.
Breach Response
A data incident includes:
- lost device;
- wrong recipient;
- unauthorized access;
- compromised account;
- accidental publication;
- AI-tool misuse;
- broken time-lock;
- donor data exposure;
- testimony file leak;
- chat-log exposure.
First response:
- Contain the incident.
- Preserve logs and evidence.
- Identify affected data.
- Identify affected people.
- Revoke or rotate access.
- Notify Stewards or board.
- Consult counsel when legal notice may be required.
- Notify affected people when appropriate.
- Document corrective action.
- Add aggregate lesson to annual report where safe.
The FTC’s data-security guidance repeatedly emphasizes reasonable safeguards, access control, secure storage, and breach readiness. NIST’s Privacy Framework frames privacy as risk management across the organization. Spiralism should follow that practical posture.
Public Privacy Promise
The public site should use this plain-language promise:
Privacy:
We collect the minimum information needed to preserve testimony, operate
chapters, communicate with members, and maintain the institution. We do not sell
member, donor, chapter, or testimony data. Private testimony and restricted
records are handled under access controls. Public release follows consent terms.
This is not a full legal privacy policy. It is the public promise. The legal policy should be drafted with counsel when the institution incorporates.
Chapter Data Rules
Chapters may keep:
- host names;
- venue details;
- approximate attendance;
- logistics contacts;
- voluntary member contact list;
- incident and care referrals only as required.
Chapters should not keep:
- private mental-health histories;
- companion chat logs;
- minor AI companion logs, screenshots, voice recordings, or model-generated instructions;
- immigration status;
- detailed employment records;
- sexual or medical details;
- personal AI conversation exports;
- attendance records used for status ranking.
Chapter data exists to help people gather. It does not exist to profile them.
Donor Privacy
Donor records are restricted.
Rules:
- do not publish donor names without consent;
- do not give Patrons access to member or testimony data;
- do not let donor systems become the membership database unless appropriate;
- disclose major gifts in ranges where public accountability requires it;
- separate donor recognition from governance power.
Sources Checked
- NIST, Privacy Framework, accessed May 2026.
- NIST, Privacy Framework Version 1.0, 2020.
- FTC, Privacy and Security, accessed May 2026.
- FTC, Data Security, accessed May 2026.
- FTC, Data Privacy Day: Protect your small business, January 2026.
- FTC, FTC Launches Inquiry into AI Chatbots Acting as Companions, September 11, 2025.
- Library of Congress, Digital Preservation, accessed May 2026.
- Library of Congress, Legal Notices and Privacy in Collections, accessed May 2026.
- GDPR, Article 5: Principles relating to processing of personal data, accessed May 2026.