Trust Center · Data Governance

Data Governance & Sovereignty

Government programme owners typically require clear ownership and stewardship definitions. MTSAi's data governance posture is designed to support procurement review and contract-defined controls.

Domain Data Governance

Posture Contract-Defined

Status Designed · In Build

Evidence Under NDA / RFP

Ownership and Roles (Defined by Contract)

The city or state authority is the data controller. MTSAi operates as a data processor, acting only within the parameters set by the government authority. Ownership and role definitions are contract-defined and reviewable.

Key Commitment

No data is used beyond the scope defined in the government contract. City authority owns all programme data throughout the lifecycle.

Access Logging and Auditability Posture

Designed to produce access and change records appropriate for internal reviews and dispute handling. Audit log exports are available to the city authority at any time.

Key Commitment

All data access by MTSAi staff is logged and audit-exportable. City authority can request full export at any time without restriction.

Retention Posture (Deployment-Defined)

Retention requirements are defined by contract, buyer policy, and applicable directions from competent authorities. Deletion controls and schedules are included in procurement documentation.

Key Commitment

Retention periods are not set unilaterally by MTSAi. The government authority defines what is retained, for how long, and the deletion verification process.

Data Boundaries

Public Boundaries

Governance posture and high-level descriptions
Claims-safe explanations of lifecycle and evaluation approach
Versioning discipline and procurement routes

Restricted Boundaries — NDA/RFP

Deployment architecture detail
Interface catalogs and data dictionaries
Detailed security configurations
Customer-specific evidence and operational runbooks

What Reviewers Can Require

Clear data ownership clauses and permissible use boundaries
Audit log export requirements
Data export schema requirements for exit and portability
Retention and deletion controls and evidence requirements

Compliance Status

Designed

DPDP Alignment

Data Principal rights (access, correction, erasure) designed into contract structure per DPDP Act 2023.

In Build

Audit Export

Structured log export capability designed; implementation subject to deployment scope and contract.

Reviewable

Data Sovereignty

Government is data controller. All data residency requirements can be specified in contract.

Full data governance specification available for qualified procurement teams. — Request documentation →

Review Procurement Materials

Access versioned data governance documentation through the procurement and evaluation pack.

View Procurement & Evaluation Materials → Ask a data governance question

Platform Status Disclosure

Pre-Deployment Status (Jan 2026)

No live city implementations are currently operational. All deployment, outcome, and operational capability references are design specifications subject to government procurement, contract execution, and implementation.

Compliance Status

All references to regulatory frameworks represent design intent and readiness posture. Final compliance is verified through government audit per contract scope.

International References

Case study outcomes cited from London, Singapore, Stockholm, and other cities are external examples from independent transportation authorities, not MTSAi deployments.