| AEDT | Automated Employment Decision Tool — used in NYC Local Law 144 and similar US state laws. |
| AES | Advanced Encryption Standard — symmetric block cipher; AES-256 is Neuroscale’s default for data at rest. |
| AGPL | GNU Affero General Public License — copyleft license with a network-use trigger. |
| AI Act (EU) | Regulation (EU) 2024/1689 — risk-tiered AI regulation; Art. 50 transparency obligations apply to most Neuroscale features. |
| AML | Anti-Money Laundering — generally out of scope for Neuroscale today. |
| Argon2id | Memory-hard password-hashing function; OWASP-preferred. See Cryptography. |
| AWS | Amazon Web Services — Neuroscale’s primary cloud provider (compute, storage, KMS, secrets, RDS / Aurora, S3, etc.). |
| BC/DR | Business Continuity / Disaster Recovery. See the Business Continuity Policy. |
| BCRs | Binding Corporate Rules — intra-group cross-border-transfer mechanism under GDPR. Not currently in scope. |
| BIPA | Illinois Biometric Information Privacy Act (740 ILCS 14). |
| BIS | U.S. Bureau of Industry and Security — administers the EAR. |
| BYOD | Bring Your Own Device — personal devices used to access company resources. See Information Security → Device policy. |
| CalGINA | California’s Genetic Information Nondiscrimination Act extension. |
| CCPA / CPRA | California Consumer Privacy Act, as amended by the California Privacy Rights Act. |
| CMP | Cookie Consent Manager / Consent Management Platform (e.g., Cookiebot, OneTrust). |
| CODE OF CONDUCT | Neuroscale’s Code of Conduct policy, owned by the CHRO. |
| CoD / COD | Certificate of Destruction — issued by an approved disposal vendor. See Records Disposal. |
| Confidential data | Highest classification; see Data Management. |
| CRA (consumer) | Consumer Reporting Agency — Neuroscale’s standard CRA is Checkr. Used in FCRA-compliant background checks. |
| CRA (EU) | EU Cyber Resilience Act (Regulation (EU) 2024/2847) — products with digital elements. Phased compliance through late 2027. |
| CSA / CSAM | Child Sexual Abuse / Child Sexual Abuse Material. |
| DAST | Dynamic Application Security Testing. |
| DDTC | U.S. Directorate of Defense Trade Controls — administers ITAR. |
| DLP | Data Loss Prevention. |
| Dodd-Frank §922 | Whistleblower-protection provision; SEC Rule 21F-17. |
| DPA | Data Processing Addendum (with customers); also “Data Protection Authority” in GDPR contexts. |
| DPF | EU-US Data Privacy Framework (and UK Extension, Swiss-US DPF). |
| DPIA / PIA | Data Protection Impact Assessment / Privacy Impact Assessment. See DPIA Procedure. |
| DPO | Data Protection Officer (GDPR Art. 37). Mandatory appointment is not currently triggered for Neuroscale; the General Counsel acts as voluntary DPO. See DPO independence note. |
| DSR / DSAR | Data Subject Request / Data Subject Access Request. See Data Subject Rights. |
| DTSA | Defend Trade Secrets Act of 2016 (18 U.S.C. §1833(b)) — trade-secret immunity for confidential disclosures to government officials. |
| EAR | U.S. Export Administration Regulations (15 C.F.R. Parts 730–774). |
| EAR99 | Default ECCN for items not specifically described on the EAR Commerce Control List. |
| 5D002 | ECCN for “information security” software incorporating non-standard cryptography. |
| ECCN | Export Control Classification Number. |
| EDR | Endpoint Detection and Response. Neuroscale uses Rippling. |
| ENC | EAR License Exception ENC — for “mass market” or commercial encryption per 15 C.F.R. §§740.17 and 742.15. |
| EPA / Equal Pay Act | Federal equal-pay statute. |
| ERN | Encryption Registration Number — issued by BIS upon encryption registration. |
| FCPA | U.S. Foreign Corrupt Practices Act (15 U.S.C. §§78dd-1 et seq.). |
| FCRA | U.S. Fair Credit Reporting Act (15 U.S.C. §§1681 et seq.). |
| FedRAMP | U.S. Federal Risk and Authorization Management Program. Future target; not a current commitment. |
| FDPIC | Swiss Federal Data Protection and Information Commissioner. |
| FMLA | Family and Medical Leave Act. |
| GDPR | General Data Protection Regulation (Regulation (EU) 2016/679). |
| GINA | Genetic Information Nondiscrimination Act (42 U.S.C. §2000ff). |
| GPAI | General-Purpose AI model — defined under the EU AI Act Arts. 51–55. |
| GPC | Global Privacy Control browser signal. |
| HashiCorp Vault | Cross-cloud secrets-of-record for Neuroscale production — static secrets, dynamic secrets, PKI, and Transit-engine application-layer encryption keys. Auth via Vault AWS / Kubernetes / AppRole / OIDC methods. See Secrets Management. |
| HIPAA | Health Insurance Portability and Accountability Act. Not in scope for Neuroscale — see Data Management → Definitions. |
| IDTA | UK International Data Transfer Agreement (and the related UK Addendum to the EU SCCs). |
| IdP | Identity Provider. Neuroscale uses Rippling. |
| IRS | U.S. Internal Revenue Service. |
| IRT | Incident Response Team. See Incident Response. |
| ISMS | Information Security Management System (ISO/IEC 27001:2022 term). |
| ITAR | International Traffic in Arms Regulations (22 C.F.R. Parts 120–130). |
| KMS | Key Management Service. Neuroscale uses HashiCorp Vault Transit as the application-layer envelope-encryption surface across both clouds (Neuroscale-managed keys, key material never leaves Vault), and AWS KMS for cloud-native at-rest encryption inside AWS-resident services (EBS, RDS / Aurora, S3, DynamoDB). Vultr platform encryption is the equivalent at-rest layer for Vultr-resident services. |
| LL 144 | NYC Local Law 144 of 2021 — Automated Employment Decision Tools. |
| MAM | Mobile Application Management. Used for BYOD mobile devices via Rippling. |
| MDM | Mobile Device Management. Used for company-owned devices via Rippling. |
| MFA | Multi-Factor Authentication. |
| MNPI | Material Non-Public Information. See Insider Trading. |
| MPL | Mozilla Public License. |
| NIS2 | EU Network and Information Security Directive 2 (Directive (EU) 2022/2555) — 24h early-warning / 72h notification for “essential” and “important” entities. Not currently in scope. |
| NIST | U.S. National Institute of Standards and Technology. |
| NLRA | National Labor Relations Act (29 U.S.C. §§151 et seq.); §7 protects concerted activity. |
| NLRB | U.S. National Labor Relations Board. |
| OFAC | U.S. Office of Foreign Assets Control — administers economic sanctions. |
| OSHA | U.S. Occupational Safety and Health Administration; §11(c) prohibits retaliation. |
| OWASP | Open Web Application Security Project. |
| PBKDF2 | Password-Based Key Derivation Function 2 — acceptable password-hashing where Argon2id is unavailable. |
| PII | Personally Identifiable Information. See Data Management → Definitions for the full umbrella definition. |
| RBAC | Role-Based Access Control. |
| ROPA | Records of Processing Activities (GDPR Art. 30). |
| RTO / RPO | Recovery Time Objective / Recovery Point Objective. See RTO/RPO Matrix. |
| SAST | Static Application Security Testing. |
| SBOM | Software Bill of Materials. See Open Source & SBOM Policy. |
| SCA | Software Composition Analysis (dependency scanning). |
| SCC | Standard Contractual Clauses (EU Commission Implementing Decision (EU) 2021/914). |
| SDN | Specially Designated Nationals (OFAC list). |
| SED | Self-Encrypting Drive. |
| SLA | Service Level Agreement. |
| SOC 2 | Service Organization Control 2 — the audit framework Neuroscale follows. |
| SOX | Sarbanes-Oxley Act of 2002. §806 (18 U.S.C. §1514A) is the civil whistleblower provision; §1107 (18 U.S.C. §1513(e)) is the criminal anti-retaliation provision. |
| SPI | Sensitive Personal Information (CPRA §1798.121). |
| SSO | Single Sign-On. Neuroscale uses Rippling. |
| TAT | Threat Assessment Team. See Workplace Violence Prevention. |
| TIA | Transfer Impact Assessment. See TIA Template. |
| UKBA | UK Bribery Act 2010. |
| USERRA | Uniformed Services Employment and Reemployment Rights Act. |
| Vultr | Constant Company, LLC, dba Vultr — Neuroscale’s secondary cloud provider for compute and database hosting. Hosts Vultr Cloud Compute, Vultr Bare Metal, Vultr Object Storage, Vultr Block Storage, and Vultr Kubernetes Engine (VKE). |
| VKE | Vultr Kubernetes Engine — managed Kubernetes on Vultr. |
| VPC | Virtual Private Cloud. |
| WARP | Cloudflare’s VPN/tunnel client (part of Cloudflare One). |
| WORM | Write-Once Read-Many storage (e.g., S3 Object Lock). |
| WVPP | Workplace Violence Prevention Plan (Cal. Lab. Code §6401.9 / SB 553). |
