Governance Center

spec

Manage consent, identity verification, voice clone permissions, replica revocation, watermarking, audit, policies, takedowns, and data retention. All controls are in specification / planning stage — not yet active in production.

Governance Snapshot

demoConsent Records0 active0 revoked

demoIdentity Verificationnot configuredcustom replicas blocked

demoWatermarkingnot configuredC2PA not ready

demoAudit Events120 pending takedowns

Safety LockCustom features disabled until governance is active.

User-created replicas and voice cloning are disabled until consent records, identity verification, and approval workflows are fully configured and tested. Avatar output must be clearly disclosed as AI-generated. All unimplemented controls below reflect the product planning roadmap — none are active in production.

Governance Modules

Consent Records

demo

Manage consent for replicas, voice clones, and data subjects. Each replica and voice must have an active consent record before use in production.

Identity Verification

planned

Verify the identity of replica owners and voice subjects. Required before custom replicas or cloned voices are approved.

User-created replicas disabled until consent architecture and identity verification are active.

Depends on: Consent Records

Voice Clone Permissions

planned

Control which users and agents can clone voices. Voice cloning requires explicit consent, identity verification, and an approved permission record.

Voice cloning disabled until consent records, identity verification, and clone-specific permissions are active.

Depends on: Consent Records, Identity Verification

Replica Revocation

demo

Revoke or suspend replicas when consent is withdrawn or misuse is detected. Reinstatement requires new consent and identity re-verification.

Depends on: Consent Records

Watermarking / C2PA

not_configured

Apply visual and audio watermarks to avatar output. C2PA content credentials for provenance and disclosure are planned for a future update.

Watermarking and C2PA content credentials are not yet implemented. Avatar output should be clearly disclosed as AI-generated.

Audit Logs

planned

Immutable governance audit trail for consent, identity, replica lifecycle, takedowns, policy changes, and safety flags.

Audit log storage and immutability are planned. Current session events are local-only and not durable.

Policy Templates

demo

Allowed-use policies covering content safety, identity misuse, voice clone boundaries, and data handling. Templates require approval before enforcement.

Takedown Requests

demo

Submit and process takedown requests for replicas, voices, videos, transcripts, or sessions. Review workflow requires authorized reviewer assignment.

Takedown workflow is demo-only. Real takedown processing requires legal team integration and manual review.

Depends on: Audit Logs

Data Retention Controls

planned

Configure how long transcriptions, audio, video, lead data, consent records, and audit logs are retained. Purge and export controls coming in a later update.

Data retention controls are planned. Currently no automated purge or export pipeline exists.

Depends on: Audit Logs

Consent Records

Each custom replica or voice clone requires an active consent record. Records transition through pending, active, and revoked states. Revocation immediately disables the associated replica and voice.

Ethen (Upcube-owned)

consent_ethen_internal

ActiveReplica onVoice off

Verification

Enterprise attestation

Signed

1/1/2025

Version

v1.0-internal

Scopes (3)

Avatar Visual ReplicaStudio Video UseLive Agent Use

Ethen is an Upcube-owned flagship avatar. Internal consent record for demo purposes. No real user consent required.

Audit trail (1 entries)

grantedby Upcube governance team1/1/2025

active

Jane Demo (custom replica)

consent_custom_replica_example

Pending verificationReplica offVoice off

Verification

Manual review

Signed

3/1/2025

Version

v1.0

Scopes (0)

No active scopes

Custom replica consent pending manual review. Replica and voice remain disabled until verification completes.

Audit trail (1 entries)

grantedby system3/1/2025

pending

John Demo (revoked)

consent_revoked_example

RevokedReplica offVoice off

Verification

Manual review

Signed

6/1/2024

Version

v1.0

Revoked

9/15/2024

Scopes (0)

No active scopes

Consent was revoked by subject request. All replica assets and voice clones have been deleted. Audit trail preserved for compliance.

Audit trail (2 entries)

grantedby system6/1/2024

active

revokedby support_team9/15/2024

revoked

Custom replicas and voice cloning remain disabled until production consent verification (liveness check, document verification, or enterprise attestation) exists. No e-signature, identity verification, or legal automation is active. These are demo/static records for specification purposes only.

Audit Logs

Governance audit trail for consent, identity, replica lifecycle, takedowns, policy changes, and safety flags. All events shown are demo/static — no real audit persistence, tamper-proof storage, or production enforcement exists.

Audit Events12 demo events

demo

Event	Module	Severity	Actor	Target	Timestamp
consent.signed {"subject":"Upcube Ethen","method":"manual"}	Consent Records	Info	system	replica: sample_ethen_replica	1/15/2025 09:00 AM
replica.created {"modelType":"browser_glb","status":"active"}	Replica Revocation	Info	system	replica: sample_ethen_replica	1/15/2025 09:05 AM
consent.signed {"subject":"Demo Subject","method":"manual","status":"pendin	Consent Records	Info	system	replica: sample_custom_replica_00	3/10/2025 02:30 PM
consent.revoked {"reason":"Subject requested data deletion","previousStatus"	Consent Records	Warning	admin_demo	replica: sample_custom_replica_00	4/22/2025 11:15 AM
replica.revoked {"reason":"Consent revoked — replica suspended within 24h wi	Replica Revocation	Warning	system	replica: sample_custom_replica_00	4/22/2025 11:16 AM
policy.updated {"version":"1.1","changes":"Added data retention defaults fo	Policy Templates	Info	admin_demo	policy: policy_base_v1	4/22/2025 01:00 PM
retention.updated {"transcriptionRetention":"days_90","audioRetention":"days_9	Data Retention Controls	Info	admin_demo	retention_policy: retention_policy_main	4/22/2025 01:05 PM
consent.signed {"subject":"Website Concierge Template","method":"enterprise	Consent Records	Info	system	replica: sample_website_concierge	5/1/2025 10:00 AM
safety.flag_raised {"reason":"Automated similarity check flagged potential unau	Consent Records	Warning	system	replica: sample_custom_replica_00	5/10/2025 04:45 PM
safety.flag_resolved {"resolution":"Manual review confirmed authorized use","prev	Audit Logs	Info	admin_demo	replica: sample_custom_replica_00	5/11/2025 09:30 AM
voice.cloned {"provider":"not_configured","language":"en-US"}	Voice Clone Permissions	Info	system	voice: sample_ethen_voice	5/15/2025 08:00 AM
policy.approved {"version":"1.1","approvedFor":"development_preview"}	Policy Templates	Info	admin_demo	policy: policy_base_v1	5/15/2025 08:30 AM

demonot tamper-proofno external SIEM

All audit events above are static demo records. In production, audit logs must be stored in an append-only, tamper-proof storage system with cryptographic integrity verification. Real audit logs will record actor identity (authenticated user), IP address, user agent, and a cryptographically verifiable chain. No compliance certifications are claimed at this stage.

Allowed-Use Policy

Base Allowed-Use Policyv1.0 — demo only

demo

Category	Rule	Enforcement	Active
Content	Avatars must not generate content that promotes violence, hate speech, illegal activity, or self-harm.	block	active
Content	Avatars must not impersonate real individuals without explicit consent and identity verification.	block	active
Identity	Custom replica creation requires identity verification and signed consent record.	block	active
Voice	Voice cloning requires explicit consent, identity verification, and clone-specific permission.	block	active
Replica	Consent revocation triggers replica suspension within 24 hours.	block	active
Data	Audio and video data retention defaults to 90 days unless custom policy is approved.	warn only	active
Safety	All avatar output must be clearly disclosed as AI-generated. No undisclosed deepfakes.	block	active
Safety	Automated safety flags require human review within 48 hours.	requires review	active

Data Retention Controls

Specification onlyNot production enforcement yet

All retention policies below are specification / demo only. No automated purge, deletion, or export pipeline exists. Policies require backend persistence, scheduled jobs, and a workflow engine before production enforcement.

Policies

Default Retention Policy

planned

Standard 90-day retention for audio, video, and transcriptions. Lead data kept 365 days. Consent and audit records retained indefinitely.

Transcriptions90 days

Audio recordings90 days

Video output90 days

Lead data365 days

Consent recordsIndefinite

Audit logsIndefinite

Demo policy — not enforced in production. Purely for specification and planning.

Zero Data Retention (Enterprise)

planned

Minimizes data retention for privacy-sensitive enterprise deployments. Audio, video, and transcriptions deleted after 30 days. Consent records kept 90 days. Audit logs kept 180 days.

Transcriptions30 days

Audio recordings30 days

Video output30 days

Lead data30 days

Consent records90 days

Audit logs180 days

Demo enterprise zero-data-retention policy. Not enforced in production. No automated deletion pipeline exists.

Custom 30-Day Retention

planned

Keeps all categories at a flat 30-day retention window. Suitable for quick-turn data sensitivity use cases.

Transcriptions30 days

Audio recordings30 days

Video output30 days

Lead data30 days

Consent records90 days

Audit logs180 days

Demo custom 30-day flat retention policy. Not enforced. No automated purge pipeline is active.

Default retention (applied to all sessions)

Data category	Retention	Can retain	Exportable
Transcriptions	90 days	Yes	Planned
Audio recordings	90 days	Yes	Planned
Video output	90 days	Yes	Planned
Lead data	365 days	Yes	Planned
Consent records	Indefinite	Yes	Planned
Audit logs	Indefinite	Yes	Planned

Deletion / export requests (demo)

Deletion requests2 pending

transcription

User requested deletion of transcript data under privacy policy.

pending

audio recording

Consent revoked for audio retention.

pending

All requests are demo/pending — no actual deletion pipeline exists.

Export requests1 pending

transcription (json)

Requested by demo_user

pending

All requests are demo/pending — no actual export pipeline exists.

All retention periods, deletion requests, and export requests are specification / demo only. No automated purge pipeline, scheduled deletion jobs, or data export service is active. Real enforcement requires backend persistence, legal review, and workflow automation.

Governance Center — Implementation Notes

• This is a specification and static surface only. No governance controls are active in production.
• Consent records, identity verification, and audit logs are not yet implemented.
• Watermarking and C2PA content credentials are planned — not configured.
• Voice cloning and custom replica creation are disabled until governance is fully configured.
• Takedown request workflow is demo-only — legal team integration required before activation.
• No compliance certifications are claimed — all modules show their current readiness status.
• Real enforcement requires backend persistence, auth, and workflow engine — all deferred.