BJC Logistics

SAM UEI: PFN4RZLHP8N8
CAGE: 18UW4

BJC LOGISTICS: SYSTEM PRIVACY AND DATA RETENTION DIRECTIVE

EFFECTIVE DATE: May 10, 2026

APPLICABILITY:All personnel, operators, and unauthorized entities accessing the BJC Logistics Secure Portal.

1. OVERVIEW AND SCOPE OF MONITORING

This Privacy and Data Retention Directive outlines the protocols governing the collection, utilization, and safeguarding of information across the BJC Logistics infrastructure. By interacting with the BJC Logistics secure portal, you acknowledge that you are accessing a restricted network. There is no reasonable expectation of privacy when utilizing this system. All activities, telemetry, and access attempts are subject to continuous automated monitoring and manual audit.

2. DATA ACQUISITION AND TELEMETRY

We strictly limit data collection to the parameters required for maintaining secure network operations, verifying personnel authorization, and fulfilling statutory asset management requirements.

When you access the portal, the system automatically logs the following:

  • Authentication Data: Operator IDs, inputted access keys (cryptographically hashed), and credential request forms.
  • Network Telemetry: Originating IP addresses, MAC addresses, browser/terminal fingerprints, and ISP routing data.
  • Session Metrics: Timestamp of access, duration of session, endpoint navigation paths, and frequency of failed authentication attempts.
3. UTILIZATION OF SYSTEM DATA

Information collected is not utilized for commercial profiling, marketing, or consumer analytics. Data is strictly processed for the following operational imperatives:

  • Threat Mitigation: Identifying, intercepting, and logging unauthorized access attempts.
  • Identity Verification: Ensuring only cleared personnel access restricted distribution modules.
  • System Integrity: Conducting routine vulnerability assessments and performance optimizations.
  • Evidentiary Record: Maintaining immutable access logs for internal compliance and federal auditing purposes.
4. STATUTORY DISCLOSURES AND SHARING

BJC Logistics does not sell, rent, or voluntarily distribute system data to third-party commercial entities. Information is only disclosed under the following conditions:

  • Federal Oversight: To authorized government agencies overseeing asset management and distribution protocols.
  • Law Enforcement: To federal, state, or international law enforcement entities upon receipt of a valid subpoena, warrant, or in the event of a critical security breach.
  • Statutory Violation: In the event of unauthorized access, all relevant telemetry and access logs will be submitted to authorities for prosecution under 18 U.S.C. § 1030 (Computer Fraud and Abuse Act) and other applicable statutes.
5. INFORMATION SECURITY PROTOCOLS

We employ defense-in-depth architecture to secure all logged data. This includes:

  • AES-256 cryptographic standards for data at rest.
  • TLS 1.3 encryption for all data in transit between the terminal and BJC mainframes.
  • Air-gapped backups for critical audit logs.
  • Strict role-based access controls (RBAC) limiting data visibility to authorized security administrators.
6. DATA RETENTION AND DISPOSAL

Standard consumer data deletion requests (e.g., CCPA, GDPR) do not apply to secure access logs on this restricted terminal. To ensure the integrity of the architecture of certainty:

  • Authentication Logs: Retained indefinitely for security auditing.
  • Network Telemetry: Retained for a minimum of 84 months (7 years) to comply with federal contracting standards.
  • Credential Requests: Processed and stored for the duration of the operator’s active clearance status, plus 36 months following deactivation.
7. CONTACT PROTOCOL

For inquiries regarding your clearance status, data records, or the stipulations within this directive, direct all communications to the BJC Logistics Compliance and Security Operations Center (CSOC).

All inquiries are logged and subject to verification of the requester’s identity and clearance level prior to the disbursement of any system records. Public inquiries regarding credentialing should be directed to the designated contact on the Credential Request portal.