Contract effective date: September 18, 2024. Runtime consent, request, security, audit, and deployment timestamps remain factual records.
AI, Quantum and HealthTech Release Go/No-Go Policy
Required go/no-go questions
A release is No-Go until every answer below is complete and approved:
- What countries and app stores are targeted?
- What personal, sensitive, health, biometric, child, financial, location and AI data is collected?
- What SDKs, APIs, AI providers and subprocessors receive data?
- Are privacy notices, platform labels and in-app screens consistent with actual code behavior?
- Is the app medical, clinical, therapeutic, diagnostic, hospital-facing, provider-facing, patient-facing, wellness-only or non-health?
- Does FDA, HIPAA, HBNR, state consumer health law, EU MDR, UKCA, local medical device law or app-store health policy apply?
- Does the AI make or assist consequential decisions?
- Are human oversight, appeal, adverse-event reporting and safety escalation implemented?
- What cryptography protects long-lived sensitive data, and is there a PQC migration plan?
- Are marketing claims substantiated?
Mandatory approvals
- Product owner.
- Security lead.
- Privacy lead.
- AI governance owner when AI is present.
- Healthtech/clinical safety owner when health claims or clinical workflows are present.
- Local counsel or documented risk owner for high-risk countries.