Privacy
How the demonstration deployment at norma.sevres.org handles data. The Sèvres umbrella site (sevres.org) and the CLASP specification site (clasp.sevres.org) have separate, minimal privacy notices; this one is more substantial because Norma actually exercises the CLASP protocol against a database.
What this deployment collects
- License records. Every token issued by the /<publisher>/api/oauth/token endpoint writes a row to the licenses Postgres table. The row contains the publisher, an issued license identifier (LID), the SHA-256 fingerprint of the license identifier (used to populate the citation envelope's license_id_fingerprint field), issuance and expiration timestamps, and a revoked_at timestamp once revoked. The deployment does not attempt to identify the requesting party; tokens are minted on demand without authentication.
- Tool-call audit log. Every call to /<publisher>/api/mcp writes a row to the tool_call_log Postgres table. The row contains the publisher, the tool name, status, returned-citation counts, the envelope's content-hash, the LID under which the call was authorized, and the timestamp.
- Submitted artifacts (transient). The compliance_check tool accepts an uploaded artifact for gap analysis. The artifact is processed in memory for the duration of the tool call only and is NOT retained beyond the call. The finding records emitted into the response, and their hashes recorded in the audit log, are derived from the artifact but do not preserve it.
What this deployment does not collect
- No identity. The OAuth flow issues tokens without authentication.
- No payment information.
- No browser cookies on the static pages.
- No third-party analytics, telemetry, or tracking pixels.
- No persistent storage of artifacts submitted to compliance_check.
Retention
Because this is a demonstration deployment, the database may be wholesale reset or rebuilt at any time without notice. Audit-log rows and license records persist between such resets at the project's discretion. Do not rely on this deployment for any record-keeping of consequence.
Server-side logging
The site is hosted on Vercel; the database is Neon (provisioned via Vercel's Postgres integration). Both providers maintain their own operational logs. Vercel's data handling is governed by Vercel's privacy policy; Neon's by Neon's privacy policy.
Deletion requests
Because the deployment does not collect identifying information, there is normally nothing to delete on a per-individual basis. If you can identify a specific LID, audit-log row, or response that you want purged, email info@sevres.org with the relevant identifiers and we will remove them.
Security disclosures
See the security policy. In short: email info@sevres.org rather than opening a public issue.
Contact
Questions or corrections: info@sevres.org.
Updated 2026-05-18.