Organization Separation & Data Boundaries

Modified on Thu, 22 Jan at 3:36 PM

Audience

Organization administrators, consent managers, compliance teams, and auditors.

Applies to

FairConsent Mobile App and Web Platform.

1. Purpose of This Document

This document explains how FairConsent enforces strict separation between organizations and how data boundaries affect visibility and access.

It exists to clarify:

Why users may not see certain data
Why data cannot be shared implicitly
How compliance and isolation are enforced

Organization separation is a core security feature, not a configuration option.

2. Core Principle: One Organization, One Data Boundary

In FairConsent:

Every project belongs to exactly one organization
Every consent belongs to that project
Every user operates within an organization context

There is no cross-organization visibility, regardless of role.

3. What Organization Separation Means in Practice

Organization separation ensures that:

Data collected for one organization is invisible to all others
Users must be explicitly assigned to an organization
Projects cannot span multiple organizations
Seats are scoped to a single organization

Even Organization Admins:

Cannot access data from other organizations
Cannot merge or transfer data across organizations

4. Platform Visibility vs Device Data

It is important to distinguish between:

Data recorded on a device
Data uploaded to the platform

Rules:

Only uploaded consents are visible in the platform
Admins cannot see data that exists only on a device
Platform data always reflects finalized, uploaded information

Organization boundaries apply equally to both.

5. Why You Might Not See Expected Data

Common reasons include:

The consent was recorded but not uploaded
The project belongs to a different organization
The user does not have the required role
The project was completed and local data was cleared

These behaviors are expected and intentional.

6. What Organization Boundaries Do Not Allow

Organization separation does not allow:

Implicit data sharing
Cross-organization reporting
Viewing data “just for oversight”
Temporary access exceptions

All access must be explicit and scoped.

7. Compliance & Security Implications

Organization isolation supports:

Data protection requirements
Compliance with consent regulations
Clear accountability and traceability
Reduced risk of accidental data exposure

This design choice prioritizes safety over convenience.

8. Related Documents

User Roles Explained
Uploading Consents & Platform Visibility
Offline Mode – Limitations & Risks
Completing a Project – Read This Carefully

Final Note

Organization separation in FairConsent is non-negotiable by design.

It ensures that:

Data remains protected
Responsibilities are clear
Compliance requirements are met

Understanding these boundaries is essential for correct platform usage.