%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20url(%23linear-gradient2);%20}%20.st1%20{%20fill:%20url(%23linear-gradient1);%20}%20.st2%20{%20fill:%20url(%23linear-gradient3);%20}%20.st3%20{%20fill:%20url(%23linear-gradient);%20}%20%3c/style%3e%3clinearGradient%20id='linear-gradient'%20x1='128'%20y1='193.4'%20x2='233'%20y2='88.4'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20offset='0'%20stop-color='%233f2d86'/%3e%3cstop%20offset='.5'%20stop-color='%23a92b86'/%3e%3cstop%20offset='1'%20stop-color='%23e4215c'/%3e%3c/linearGradient%3e%3clinearGradient%20id='linear-gradient1'%20x1='283'%20y1='422.1'%20x2='388.9'%20y2='316.1'%20xlink:href='%23linear-gradient'/%3e%3clinearGradient%20id='linear-gradient2'%20x1='0'%20y1='256'%20x2='423.2'%20y2='256'%20xlink:href='%23linear-gradient'/%3e%3clinearGradient%20id='linear-gradient3'%20x1='88.8'%20y1='256'%20x2='512'%20y2='256'%20xlink:href='%23linear-gradient'/%3e%3c/defs%3e%3cpolygon%20class='st3'%20points='218.2%20219.3%20177.8%20144.8%20219%20144.8%20243.2%20189.5%20272.6%20154.5%20241.1%2096.4%20220.5%2096.4%20192.7%2096.4%20151.5%2096.4%20123.8%2096.4%20103.2%2096.4%20188.9%20254.3%20218.2%20219.3'/%3e%3cpolygon%20class='st1'%20points='297.1%20288.7%20339.7%20367.2%20298.5%20367.2%20272.1%20318.5%20242.7%20353.5%20276.4%20415.5%20297%20415.5%20324.8%20415.5%20366%20415.5%20393.8%20415.5%20414.4%20415.5%20326.5%20253.7%20297.1%20288.7'/%3e%3cpolygon%20class='st0'%20points='423.2%2032.6%20374.9%2032.6%200%20479.4%2048.4%20479.4%20423.2%2032.6'/%3e%3cpolygon%20class='st2'%20points='512%2032.6%20463.6%2032.6%2088.8%20479.4%20137.1%20479.4%20512%2032.6'/%3e%3c/svg%3e){kind=small}
Security & privacy
Privacy-first by architecture. Federated at the core.
XpertIntel was designed so your DPO doesn’t have to ask questions. Consent, hashing and federation aren’t settings — they’re the framework.
Consent at the row level
- Every event carries three explicit flags: consent_analytics, consent_cross_product, consent_model_training.
- Destinations declare which consents they require; rows without them are dropped at dispatch, not later.
- Federated learning rounds only see events with consent_model_training = true.
Server-side, hashed
- Customer identifiers are SHA-256-hashed inside the worker before any external call.
- All ad-platform dispatch is server-to-server (sGTM-ready) — no raw PII in the browser pipeline.
- Webhook deliveries are HMAC-signed; receivers verify before processing.
Federated learning
- Models train locally per venture; only weight updates leave the tenant.
- Aggregation runs on the Flower server with strict participant accounting and round-level metrics.
- Raw events never cross venture boundaries.
Access control
- Postgres Row-Level Security on every table; user roles in a separate user_roles table (no role escalation via profile updates).
- Admin-only RPCs for anything that aggregates across ventures.
- Public API keys are hashed at rest with a stable prefix for traceability.
Proof Layer
- Every shareable artefact is a signed, time-limited URL with a revocation token.
- PDF exports embed the CAC baseline used at the time of generation.
- Every figure is reproducible from the underlying xi_events rows.
Operational posture
- Edge runtime deployment; no long-lived secrets in the browser bundle.
- Secrets stored in managed Cloud, rotated independently of code.
- Audit RPCs (get_roadmap_audit) expose live system state to admins, not synthetic claims.
See the framework run live.
Twenty minutes. We’ll show the neural pipeline predicting, the router dispatching autonomously into Google Ads Enhanced Conversions, and a real Proof artefact. No deck.