Done-for-you offer · Fractional CMO with AI Swarm · customer-history 4-skill bundle · customer-history agent
Versioned customer history for DTC ecommerce, subscription-commerce, marketplace, multi-location retail, multi-unit franchise, multi-location service brand, multi-location healthcare, and PE-sponsored portfolio operators — Capture + Resolve + Version + Attest 4-skill bundle on the customer-history agent, under a 5-anchor compliance overlay anchored on CCPA + CPRA Sensitive + MHMDA + Colorado Sensitive + GDPR Articles 15 + 16 + 17 + 18 + 20 + 21 + 22 + IAB TCF + Google Consent Mode, ECOA + Fair Housing + Title VII + Mobley v Workday + per-vendor protected-class-fields prohibition when customer-history feeds AI, HIPAA + GLBA + FCRA + 21 CFR Part 11 + per-vertical + per-state breach notification, FRCP duty-to-preserve + legal-hold + Zubulake + CCPA Section 1798.105 deletion exemption for regulatory + SEC + FINRA + IRS + SOX + 18 USC 1519, and NIST AI RMF + EU AI Act Article 9 + 10 + 13 + 14 + 26 + 50 + per-vendor LLM zero-retention + attorney- client privilege Upjohn + Hickman + privilege-class tagging
You preserve the historical state of every customer record so when a consumer files a CCPA Section 1798.105 deletion request or GDPR Article 17 erasure request, you can process it accurately while preserving records you are required by law to retain. CCPA Section 1798.105(d) enumerates deletion exemptions including compliance with legal obligation; per-vertical record- retention (HIPAA + HITECH + GLBA Safeguards + FCRA + 21 CFR Part 11 + per-vertical FDA + DEA + DISCUS + cannabis + FDA CTP + FTC Health Products + state insurance + state real-estate + state medical-board + per-state breach notification) applies per-vertical. Per-vertical financial record-retention applies (SEC Rule 17a-4 + FINRA Rule 4511 + IRS Section 6001 + SOX 802 + 18 USC 1519). FRCP duty-to-preserve under legal-hold (Rule 26 + Rule 34 + Rule 37(e) spoliation revised December 2015 + Sedona Conference + Zubulake v UBS Warburg SDNY 2003- 2004) also overrides consumer-deletion. ECOA + Fair Housing + Title VII + Mobley v Workday (ND Cal 2024) disparate-impact-on-protected-class + per-vendor protected-class-fields prohibition apply when customer- history feeds AI scoring or ranking. NIST AI RMF + ISO 42001 + EU AI Act (Regulation 2024/1689) Article 9 risk management + Article 10 data-governance + Article 13 + Article 14 + Article 26 + Article 50 + per-vendor LLM zero-retention apply when AI processes customer- history. Attorney-client privilege under Upjohn v United States (449 U.S. 383, 1981) + Hickman v Taylor (329 U.S. 495, 1947) + Federal Rule of Evidence 502 + Federal Rule of Civil Procedure 26(b)(3) work-product + ABA Model Rules 1.6 + 1.13 + 2.1 + 4.1 + SOX 307 attorney-reporting + privilege-class tagging applies when customer-history touches potential litigation or regulatory inquiry. The CDP, identity-resolution, time- travel data lake, temporal-DB, MDM, and cryptographic- signing vendors below ship strong primitives. The orchestration above them is operator-side architecture. You keep all subscriptions, signing keys, posture libraries, registers, and audit trail. You keep the ability to in-house at any time.
Published October 11, 2026
The real ecosystem this sits above
CDP + identity-resolution
CDP: Segment, mParticle, RudderStack, Snowplow, Tealium, Treasure Data. Identity-resolution: LiveRamp RampID, ID5, The Trade Desk Unified ID 2.0, Lotame Panorama ID, Adstra, Audigent, InfoSum. Each ships strong primitives. Per-source consent-class register + per-source data-class register + per-jurisdiction data-residency register + per-vendor sub-processor + per-vendor international-transfer + identity- resolution-posture above them is operator-side architecture.
Warehouse + time-travel + temporal-DB + MDM + cryptographic-signing
Warehouse: Snowflake, BigQuery, Databricks, Redshift. Time-travel: Snowflake Time Travel, Snowflake zero- copy clone, Iceberg, Hudi, Delta Lake. Temporal-DB: PostgreSQL temporal, MariaDB temporal, Microsoft SQL Server temporal, Oracle Flashback. MDM: Profisee, Reltio, Tibco EBX, Informatica MDM, Stibo STEP MDM. Cryptographic-signing: AWS KMS, Azure Key Vault, Google Cloud KMS, HashiCorp Vault, AWS CloudHSM, Thales Luna HSM. Each ships strong primitives. Per- class deletion-versus-retention decision matrix + per-vertical record-retention register + FRCP duty- to-preserve + legal-hold posture + protected-class- fields suppression policy + EU AI Act Article 10 data-governance above them is operator-side architecture.
Policy-as-code + WORM + legal research
Policy-as-code: OPA Rego, AWS Cedar, Casbin, Cerbos, Oso. WORM: AWS S3 Object Lock, GCS retention, Azure Blob immutable, Snowflake Time Travel. Legal: Westlaw, Lexis+, Bloomberg Law, Practical Law. Each ships strong primitives. The 5-anchor compliance gate is operator-side architecture.
Frequently asked
What does versioned customer history deliver, and how does the 4-skill bundle decompose?
An orchestration layer above the operator CDP + identity-resolution + warehouse + time-travel + master-data-management + cryptographic-signing + policy-as-code + WORM-storage stack that captures, resolves, versions, and signs the historical state of every customer record so the operator can satisfy CCPA + GDPR + state-comprehensive-privacy access + correction + deletion + portability requests, FCRA accuracy + dispute response, HIPAA + GLBA + per-vertical regulator inquiries, FRCP duty-to-preserve under litigation hold, and AI-governance Article 22 + Article 10 data-governance obligations under operator-counsel-and-CISO-and-privacy-officer-and-AI-governance-team-approved gates. Skill 1 — Capture: capture every customer event + state-change through operator CDP (Segment + mParticle + RudderStack + Snowplow + Tealium + Treasure Data — operator chooses) into operator warehouse (Snowflake + BigQuery + Databricks + Redshift — operator chooses) with time-travel (Snowflake Time Travel + Snowflake zero-copy clone + Iceberg + Hudi + Delta Lake — operator chooses) + temporal databases (PostgreSQL temporal + MariaDB temporal + Microsoft SQL Server temporal + Oracle Flashback — operator chooses). Capture respects operator-counsel-approved per-source consent-class + per-source data-class + per-jurisdiction data-residency + IAB TCF v2.2 + Google Consent Mode v2 + Apple ATT + ITP. Skill 2 — Resolve: resolve identity across sources through operator identity resolution graph (LiveRamp RampID + ID5 + The Trade Desk Unified ID 2.0 + Lotame Panorama ID + Adstra + Audigent + InfoSum — operator chooses) + master-data-management (Profisee + Reltio + Tibco EBX + Informatica MDM + Stibo STEP MDM — operator chooses). Resolve respects operator-counsel-approved consented-first-party-keyed identity preference + per-vendor sub-processor + per-vendor international-transfer (EU Standard Contractual Clauses + UK IDTA + Data Privacy Framework) + protected-class-fields prohibition per ECOA + Fair Housing + Title VII + Mobley v Workday + per-vendor protected-class-fields suppression when customer-history feeds AI scoring or ranking. Skill 3 — Version: version each customer-record state-change as an immutable point-in-time snapshot. Versioning supports CCPA Section 1798.105 deletion + Section 1798.106 correction + Section 1798.110 access + Section 1798.115 disclosure + Section 1798.120 opt-out (per-subject-request reconstruction) + CPRA Sensitive Personal Information Section 1798.121 + Washington MHMDA + Colorado CPA Sensitive + Connecticut CTDPA + Texas TDPSA + Oregon OCPA + state-comprehensive-privacy + GDPR Articles 15 + 16 + 17 + 18 + 20 + 21 + 22 + UK GDPR. Versioning honors per-vertical record retention under HIPAA 45 CFR 164 + HITECH + GLBA Safeguards + FCRA 15 USC 1681 + 21 CFR Part 11 + per-vertical FDA + DEA + DISCUS + cannabis + FDA CTP + FTC Health Products + state insurance + state real-estate + state medical-board + per-state breach notification + CCPA Section 1798.105 deletion exemption for regulatory + SEC Rule 17a-4 + FINRA Rule 4511 + IRS Section 6001 + SOX 802 + 18 USC 1519. Versioning also honors FRCP Rule 26 + Rule 34 + Rule 37(e) spoliation-sanctions (revised December 2015) + Rule 37(f) + Sedona Conference principles + ESI + duty-to-preserve + legal-hold + Zubulake v UBS Warburg (SDNY 2003-2004). Skill 4 — Attest: emit per-customer per-version per-event attestation (per-source consent-class + per-source data-class + per-jurisdiction data-residency + per-vendor sub-processor + per-vendor international-transfer + per-vendor identity-resolution-posture + protected-class-fields suppression + per-vertical record-retention compliance + FRCP duty-to-preserve + legal-hold status + CCPA + GDPR + state-comprehensive-privacy compliance posture + EU AI Act Article 10 data-governance posture + per-vendor LLM zero-retention when AI processes customer-history + attorney-client privilege under Upjohn v United States 449 U.S. 383, 1981 + Hickman v Taylor 329 U.S. 495, 1947 + Federal Rule of Evidence 502 + privilege-class tagging + counsel-policy-version + CISO-policy-version + privacy-officer-policy-version) to the operator WORM audit trail with operator-controlled cryptographic-signing key (AWS KMS + Azure Key Vault + Google Cloud KMS + HashiCorp Vault + AWS CloudHSM + Thales Luna HSM — operator chooses).
Where does single-vendor CDP or identity-resolution or time-travel tooling stop compounding for versioned customer history at DTC ecommerce scale?
Single-vendor CDP is solved. Segment + mParticle + RudderStack + Snowplow + Tealium + Treasure Data ship strong managed CDP. Identity resolution: LiveRamp RampID + ID5 + The Trade Desk Unified ID 2.0 + Lotame Panorama ID + Adstra + Audigent + InfoSum. Warehouse: Snowflake + BigQuery + Databricks + Redshift. Time-travel: Snowflake Time Travel + Snowflake zero-copy clone + Iceberg + Hudi + Delta Lake. Temporal databases: PostgreSQL temporal + MariaDB temporal + Microsoft SQL Server temporal + Oracle Flashback. MDM: Profisee + Reltio + Tibco EBX + Informatica MDM + Stibo STEP MDM. Cryptographic-signing: AWS KMS + Azure Key Vault + Google Cloud KMS + HashiCorp Vault + AWS CloudHSM + Thales Luna HSM. The compound case the customer-history agent has to handle is the one where (a) operator runs DTC ecommerce + subscription-commerce + marketplace × N customer touchpoints (web + mobile + email + SMS + call center + storefront + chat + paid) × per-jurisdiction × per-vertical, (b) CCPA Section 1798.105 deletion + Section 1798.106 correction + Section 1798.110 access + Section 1798.115 disclosure + Section 1798.120 opt-out + CPRA Sensitive Personal Information + state-comprehensive-privacy + GDPR Articles 15 + 16 + 17 + 18 + 20 + 21 + 22 require per-subject-request reconstruction over years of history, (c) ECOA + Fair Housing + Title VII + Mobley v Workday + per-vendor protected-class-fields prohibition apply when customer-history feeds AI scoring or ranking, (d) per-vertical record-retention (HIPAA + HITECH + GLBA Safeguards + FCRA + 21 CFR Part 11 + per-vertical FDA + DEA + DISCUS + cannabis + FDA CTP + FTC Health Products + state insurance + state real-estate + state medical-board) collides with CCPA deletion + GDPR Article 17 erasure — CCPA Section 1798.105 deletion exemption for regulatory preserves records required by law, (e) FRCP duty-to-preserve under litigation hold + Sedona Conference principles + Rule 37(e) spoliation sanctions + Zubulake apply, (f) NIST AI RMF + ISO 42001 + EU AI Act (Regulation 2024/1689) Article 9 + Article 10 data-governance + Article 13 + Article 14 + Article 26 + Article 50 + per-vendor LLM zero-retention apply, (g) attorney-client privilege under Upjohn + Hickman + Federal Rule of Evidence 502 + Federal Rule of Civil Procedure 26(b)(3) + ABA Model Rules 1.6 + 1.13 + SOX 307 + privilege-class tagging apply. Without an orchestration layer above the vendors, per-subject-request reconstruction breaks under cross-source state drift, CCPA deletion versus per-vertical record-retention collision breaks, FRCP duty-to-preserve under litigation hold fragments, ECOA + Fair Housing + Title VII + Mobley protected-class-fields suppression fragments when customer-history feeds AI, EU AI Act Article 10 data-governance fragments, per-vendor LLM zero-retention fragments. The orchestration above the vendors is what holds the cross-source + cross-jurisdiction + cross-version invariants.
How does Skill 3 Version handle the CCPA Section 1798.105 deletion request versus per-vertical record-retention collision?
CCPA Section 1798.105 deletion exemption preserves records the operator is required by law to retain. CCPA Section 1798.105(d) enumerates deletion exemptions including: completing the transaction, providing the good or service, security and integrity, debugging, exercising free speech, compliance with legal obligation, public-interest research, internal uses reasonably aligned with consumer expectations, and other legal compliance. Per-vertical record-retention (HIPAA 45 CFR 164 + HITECH + GLBA Safeguards + FCRA 15 USC 1681 + 21 CFR Part 11 + per-vertical FDA + DEA + DISCUS + cannabis + FDA CTP + FTC Health Products + state insurance + state real-estate + state medical-board + per-state breach notification) applies per-vertical. Per-vertical financial record-retention applies (SEC Rule 17a-4 + FINRA Rule 4511 + IRS Section 6001 + SOX 802 + 18 USC 1519). FRCP duty-to-preserve under legal-hold also overrides consumer-deletion. Version implements operator-counsel-and-privacy-officer-approved per-class deletion-versus-retention decision matrix at the moment of deletion-request processing: per-class regulatory exemption + per-class active-legal-hold + per-class active-litigation + per-class active-investigation get retained per CCPA Section 1798.105(d) exemptions and per-vertical statute; remaining classes get processed under the consumer-deletion-request. Per-class deletion-versus-retention attestation writes to WORM audit trail with rule-citation evidence + per-class regulatory-exemption-status + per-class legal-hold-status + counsel-policy-version + privacy-officer-policy-version. Per-deletion-request CCPA verification (operator confirms identity per CCPA verification requirements before deletion) preserves the verification-record per CCPA Section 1798.130 record-keeping requirement.
What compliance does the orchestration enforce, and how does it map to CCPA + GDPR + ECOA + HIPAA + FRCP + NIST AI RMF + EU AI Act?
Five anchors. Anchor 1 — CCPA + CPRA Sensitive + GDPR + state-comprehensive-privacy + IAB TCF + Google Consent Mode. CCPA Section 1798.105 deletion + Section 1798.106 correction + Section 1798.110 access + Section 1798.115 disclosure + Section 1798.120 opt-out + Section 1798.121 Sensitive Personal Information + Washington MHMDA + Colorado CPA Sensitive + Connecticut CTDPA + Texas TDPSA + Oregon OCPA + state-comprehensive-privacy + GDPR Articles 15 access + 16 rectification + 17 erasure + 18 restriction + 20 portability + 21 objection + 22 automated-decision-making + UK GDPR + cookie consent + IAB TCF v2.2 + Google Consent Mode v2. Anchor 2 — ECOA + Fair Housing + Title VII + Mobley + per-vendor protected-class-fields prohibition when customer-history feeds AI scoring or ranking. ECOA 15 USC 1691 + Fair Housing Act 42 USC 3604 + Title VII 42 USC 2000e + ADEA + ADA + per-state similar + EEOC + HUD + state-AG + Mobley v Workday (ND Cal 2024) disparate-impact-on-protected-class + per-vendor protected-class-fields prohibition. Anchor 3 — Per-vertical record-retention + per-state breach notification when customer-history touches regulated data. HIPAA 45 CFR 164 + HITECH + GLBA Safeguards + FCRA 15 USC 1681 + 21 CFR Part 11 + per-vertical FDA + DEA + DISCUS + cannabis + FDA CTP + FTC Health Products + state insurance + state real-estate + state medical-board + per-state breach notification. Anchor 4 — FRCP + duty-to-preserve + legal-hold + CCPA Section 1798.105 deletion exemption for regulatory + SEC + FINRA + IRS + SOX + spoliation. FRCP Rule 26 + Rule 34 + Rule 37(e) spoliation-sanctions (revised December 2015) + Rule 37(f) + Sedona Conference principles + ESI + duty-to-preserve when litigation-or-investigation-reasonably-anticipated + legal-hold-policy + Zubulake v UBS Warburg (SDNY 2003-2004) + CCPA Section 1798.105 deletion exemption for regulatory + SEC Rule 17a-4 + FINRA Rule 4511 + IRS Section 6001 + SOX 802 + 18 USC 1519. Anchor 5 — NIST AI RMF + ISO 42001 + EU AI Act Article 9 + 10 + 13 + 14 + 26 + 50 + per-vendor LLM zero-retention + attorney-client privilege. NIST AI RMF (NIST AI 100-1) + ISO/IEC 42001 Clause 8 + EU AI Act (Regulation 2024/1689) Article 9 risk management + Article 10 data-governance + Article 13 transparency + Article 14 human oversight + Article 26 deployer + Article 50 generative-content marking when AI-summarized + per-vendor LLM zero-retention attestation chain (OpenAI Enterprise + Anthropic + Google Vertex + Azure OpenAI + AWS Bedrock zero-retention) + attorney-client privilege Upjohn v United States (449 U.S. 383, 1981) + Hickman v Taylor (329 U.S. 495, 1947) + Federal Rule of Evidence 502 + Federal Rule of Civil Procedure 26(b)(3) work-product + ABA Model Rules 1.6 + 1.13 + 2.1 + 4.1 + SOX 307 attorney-reporting + privilege-class tagging + segregated privilege-protected counsel records. Broader gate enforced via policy-as-code. WORM audit trail with per-statute retention per operator counsel policy.
What does the engagement look like across Tier 1 → Tier 2 → Tier 3, and what does the Tier 3 reporting cycle commit to?
Tier 1 AI Readiness Assessment ($10k, 2-3 weeks): audits the operator current versioned customer history posture; gap-pack identifies which per-source events lack consent-class + data-class + jurisdiction-residency tagging, which lacks identity-resolution posture with consented-first-party preference, which lacks per-version immutability + cryptographic-signing posture, which lacks CCPA Section 1798.105 deletion + Section 1798.106 correction + Section 1798.110 access + Section 1798.115 disclosure + Section 1798.120 opt-out flow + CCPA Section 1798.105 deletion-versus-per-vertical-record-retention decision matrix, which lacks GDPR Articles 15 + 16 + 17 + 18 + 20 + 21 + 22 flow, which lacks FRCP duty-to-preserve + legal-hold posture, which lacks ECOA + Fair Housing + Title VII + Mobley + per-vendor protected-class-fields suppression when customer-history feeds AI scoring or ranking, whether NIST AI RMF + ISO 42001 + EU AI Act Article 9 + 10 + 13 + 14 + 26 + 50 is wired, whether per-vendor LLM zero-retention attestation chain is maintained, whether attorney-client privilege under Upjohn + Hickman + FRE 502 + FRCP 26(b)(3) + ABA Model Rules + SOX 307 is preserved via privilege-class tagging. Tier 2 AI Swarm Setup Sprint ($25-50k, 4-8 weeks): builds the 4-skill bundle on the customer-history agent, wires CDP + identity-resolution + warehouse + time-travel + temporal-DB + MDM + cryptographic-signing + policy-as-code + WORM-storage (operator-chosen subset), configures the operator-counsel-and-CISO-and-privacy-officer-and-DEI-team-and-AI-governance-team-approved per-source consent-class register + per-source data-class register + per-jurisdiction data-residency register + per-vendor sub-processor register + per-vendor international-transfer register + identity-resolution-posture + protected-class-fields suppression policy + per-class deletion-versus-retention decision matrix + per-vertical record-retention register + FRCP duty-to-preserve + legal-hold-policy + NIST AI RMF + ISO 42001 + EU AI Act Article 9 + 10 + 13 + 14 + 26 + 50 + per-vendor LLM zero-retention attestation chain + attorney-client privilege Upjohn + Hickman + FRE 502 + FRCP 26(b)(3) + ABA Model Rules + privilege-class tagging policy, runs 30-day shadow + canary with Version in audit-only before flipping to enforce-mode. Tier 3 Fractional CMO with AI Swarm ($15-25k/month, 6-month minimum): continues with continuous Capture + Resolve + Version + Attest. Tier 3 reporting is a 6-workstream pre-engagement-baseline reporting cycle (per-source consent-class + data-class + jurisdiction-residency posture freshness + identity-resolution-posture freshness + protected-class-fields suppression coverage rate + per-class deletion-versus-retention decision matrix freshness + per-vertical record-retention posture freshness + FRCP duty-to-preserve + legal-hold posture freshness + EU AI Act Article 10 data-governance freshness + EU AI Act Article 50 marking + per-vendor LLM zero-retention attestation + WORM audit-trail completeness) measured against the operator pre-engagement baseline. Reporting carries explicit caveats sit outside Completions control + attorney-client privilege preservation.
Who owns the CDP, the identity-resolution graph, the warehouse + time-travel, the MDM, the cryptographic-signing keys, and the audit trail?
Operator owns every artifact. CDP (Segment + mParticle + RudderStack + Snowplow + Tealium + Treasure Data — operator chooses) runs under operator billing. Identity-resolution (LiveRamp RampID + ID5 + The Trade Desk Unified ID 2.0 + Lotame Panorama ID + Adstra + Audigent + InfoSum — operator chooses) runs under operator account. Warehouse (Snowflake + BigQuery + Databricks + Redshift — operator chooses) runs under operator cloud account. Time-travel data lake (Snowflake Time Travel + Snowflake zero-copy clone + Iceberg + Hudi + Delta Lake — operator chooses) runs under operator account. Temporal databases (PostgreSQL temporal + MariaDB temporal + Microsoft SQL Server temporal + Oracle Flashback — operator chooses) run under operator account. MDM (Profisee + Reltio + Tibco EBX + Informatica MDM + Stibo STEP MDM — operator chooses) runs under operator account. Cryptographic-signing (AWS KMS + Azure Key Vault + Google Cloud KMS + HashiCorp Vault + AWS CloudHSM + Thales Luna HSM — operator chooses) runs under operator-controlled HSMs with operator-counsel-and-CISO-approved key-custody chain. LLM provider contracts (OpenAI Enterprise + Anthropic API + Google Vertex AI + Microsoft Azure OpenAI Service + AWS Bedrock — operator chooses) run under operator account with operator-counsel-approved DPAs + zero-retention attestation. The operator-counsel-and-CISO-and-privacy-officer-and-DEI-team-and-AI-governance-team-approved per-source consent-class register + per-source data-class register + per-jurisdiction data-residency register + per-vendor sub-processor register + per-vendor international-transfer register + identity-resolution-posture + protected-class-fields suppression policy + per-class deletion-versus-retention decision matrix + per-vertical record-retention register + FRCP duty-to-preserve + legal-hold-policy + NIST AI RMF + ISO 42001 + EU AI Act Article 9 + 10 + 13 + 14 + 26 + 50 + Article 50 marking flow + per-vendor LLM zero-retention attestation chain + attorney-client privilege Upjohn + Hickman + FRE 502 + FRCP 26(b)(3) + ABA Model Rules + privilege-class tagging policy records all live in operator counsel + CISO + privacy + DEI + AI-governance repo. The Capture + Resolve + Version + Attest skill code lives in operator code repo. The policy-as-code policies live in operator code repo, counsel-aligned. The WORM audit trail lives on operator-controlled cloud storage. Completions owns the orchestration knowledge and transfers it under the Tier 3 transition path (30-60 days at engagement end). Completions credentials revoke on engagement-end.
Engage Completions
Start with the AI Readiness Assessment (Tier 1, 2-3 weeks, $10k). Hand off to Tier 2 AI Swarm Setup Sprint ($25-50k, 4-8 weeks). Continue under Tier 3 Fractional CMO with AI Swarm ($15-25k/mo, 6-month minimum, 1-2 days/wk embedded).
Related reading
- Done-for-you versioned history for regulatory defense (the adjacent governance-side versioned-history capability paired with this customer-history)
- AI agent governance (the broader governance posture this versioned customer history operates within)
- Fractional CMO with AI Swarm (Tier 3 engagement that operates the versioned customer history cycle)