V-DIG Audit: Tiffany & Co.

Audit Phase: V-DIG (Digital Forensics / Technology Supply Chain) Target: Tiffany & Co. (wholly owned subsidiary of LVMH SE; headquartered New York, NY, USA) Audit Date: 2026-05-01

1. Corporate & Technology Governance Context

Tiffany & Co. has operated as a wholly owned subsidiary of LVMH SE since the acquisition closed on 2021-01-07¹. As a private subsidiary, Tiffany no longer files independently with the U.S. Securities and Exchange Commission; its last public standalone filings are accessible via SEC EDGAR under CIK 0000098246². Enterprise technology strategy, cybersecurity governance, and major vendor relationships are increasingly set at the LVMH group level and disclosed — where at all — through LVMH’s annual Universal Registration Document (URD)³⁴.

This governance structure creates a structural opacity challenge for the V-DIG audit: LVMH’s URD 2024 addresses IT and cybersecurity risk at the group level but does not publish a maison-by-maison IT vendor inventory⁴. Tiffany-specific technology procurement is therefore not publicly confirmable from open sources alone.

Enterprise Technology Stack & Vendor Relationships

2.1 Documented Vendor Relationships

Tiffany & Co.’s publicly documented enterprise technology relationships centre on two major U.S.-headquartered platforms:

• Salesforce — deployed for clienteling and unified commerce functions, with the relationship publicly documented from approximately 2020 and continuing into the present⁵. Salesforce is a U.S.-origin platform headquartered in San Francisco, CA.
• Adobe Experience Cloud — deployed for digital experience management and marketing technology, publicly documented from approximately 2019⁶. Adobe is a U.S.-origin platform headquartered in San Jose, CA.

Neither vendor is Israeli-origin, and no Israeli-origin technology stack is identified as part of either deployment.

2.2 Israeli-Origin Enterprise Software & Cybersecurity Vendors

Vendors of Israeli origin relevant to enterprise software, endpoint detection and response (EDR), security information and event management (SIEM), privileged access management (PAM), and cloud security include: Check Point Software, Wiz, SentinelOne, CyberArk, Palo Alto Networks (Israeli-founded), NICE Systems, Verint Systems, and Claroty. No public evidence was identified of a direct, named licensing, subscription, or integration relationship between Tiffany & Co. and any of these vendors. Sources consulted include the LVMH URD 2024⁴, Tiffany’s privacy and sustainability disclosures⁷⁸, vendor customer-story pages, AFSC Investigate⁹, and the Who Profits database¹⁰.

2.3 Group-Level Technology Partnerships

At the LVMH group level — which sets the technology strategy within which Tiffany operates — two publicly disclosed hyperscaler partnerships are relevant:

• Google Cloud — a strategic AI partnership announced 2021-06-16, covering LVMH maisons broadly¹¹.
• Microsoft Azure / Azure OpenAI — a generative-AI program publicly documented 2023–2024¹².

Both partnerships involve U.S. hyperscalers. No Israeli sovereign-cloud or Israeli government-facing component of either partnership is publicly disclosed.

2.4 Systems Integrators

Tiffany and LVMH affiliates have historically engaged major global systems integrators (e.g., Accenture, Deloitte) on retail transformation and ERP programs. No public document specifies that any integrator has mandated or deployed Israeli-origin technology specifically to Tiffany & Co.³⁴ No public evidence identified.

Surveillance, Biometrics & Retail Technology

3.1 Facial Recognition & Biometric Systems

Israeli-origin or Israeli-linked vendors active in retail surveillance and biometrics include Trigo, BriefCam (acquired by Canon; Israeli-founded), AnyVision/Oosto, Trax Retail, and Corsight AI. No public evidence was identified that Tiffany & Co. has deployed any of these systems in its retail estate. Tiffany’s Privacy Notice⁷ acknowledges the use of closed-circuit television (CCTV) in stores but does not identify any biometric vendor or facial recognition system. Who Profits¹⁰ and AFSC Investigate⁹ do not list Tiffany in connection with Israeli-origin surveillance technology.

3.2 Predictive Analytics, Social Media Monitoring & Workforce Surveillance

No public evidence was identified of Tiffany & Co. deploying Israeli-origin predictive analytics, social media monitoring, or workforce surveillance tools⁷¹⁰⁹. Tiffany’s Privacy Notice⁷ references generalised fraud-prevention and analytics partners without naming any Israeli-origin vendor.

3.3 Third-Party or Bundled Surveillance Deployments

No public evidence was identified of Israeli-origin surveillance technology being deployed to Tiffany’s retail or corporate infrastructure through a third-party or bundled arrangement. No investigative reporting on the loss-prevention vendor stack of Tiffany flagship stores (including the Landmark flagship, New York) was identified in sources surveyed.

Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

4.1 Data Centre Operations in Israel

No public evidence was identified that Tiffany & Co. operates, leases, or co-locates data centre infrastructure within the State of Israel³⁴¹⁰.

4.2 Project Nimbus & Israeli Government Cloud Contracts

Project Nimbus is the Israeli government’s national cloud program, with Google Cloud and Amazon Web Services named as the primary awarded contractors in 2021¹³. Tiffany & Co. is not listed among the awarded vendors of Project Nimbus¹³. No public evidence was identified of any other Israeli state cloud contract involving Tiffany & Co.

4.3 Data Sovereignty or Sovereign Infrastructure Services to Israeli State Institutions

Not applicable to Tiffany & Co.’s commercial scope as a luxury jewelry and accessories retailer. No public evidence identified³.

4.4 LVMH Group Cloud Footprint

The LVMH group’s publicly disclosed cloud partnerships — Google Cloud¹¹ and Microsoft Azure¹² — do not specify Tiffany-level data residency arrangements, and no Israeli cloud-region or sovereign-cloud component is publicly disclosed in either partnership.

Defence, Intelligence & Security Sector Technology Relationships

5.1 Contracts with Israeli MoD, IDF, or Intelligence Agencies

No public evidence was identified of any commercial relationship between Tiffany & Co. and the Israeli Ministry of Defence, Israel Defence Forces, or Israeli intelligence agencies. Tiffany & Co. operates exclusively in the consumer luxury sector and has no documented defence-sector commercial line³¹⁰⁹.

5.2 Dual-Use Technology Provision

Tiffany’s product portfolio consists of jewelry, watches, and luxury accessories. These categories do not fall within dual-use technology classifications. No public evidence was identified of dual-use technology provision to any state or military actor³.

5.3 Offensive Cyber, Zero-Day, or Digital Weapons

No public evidence identified¹⁰⁹.

AI, Algorithmic & Autonomous Systems

6.1 AI/ML Provision to Israeli State, Military, or Security Bodies

No public evidence was identified. Tiffany & Co. is a consumer of AI services — through LVMH’s group-level partnerships with Google Cloud¹¹ and Microsoft¹² — and is not an AI developer or vendor. There is therefore no pathway identified by which Tiffany would be providing AI or machine-learning capabilities to Israeli state or security institutions³.

6.2 Training Data Sourced from Civilian Populations or Occupied Territories

No public evidence identified¹⁰⁹.

6.3 Autonomous Targeting, Tracking, or Weapons Systems

Not applicable to Tiffany’s commercial scope. No public evidence identified³¹⁰.

Technology Ecosystem & R&D Footprint

7.1 R&D Centres in Israel

No public evidence was identified that Tiffany & Co. operates research and development, design, or engineering facilities in Israel. Tiffany’s principal design and R&D facilities are located in the United States (notably the Landmark, New York City) and, through LVMH affiliates, in France³.

7.2 Acquisitions of Israeli-Origin Technology Companies

No public evidence was identified in any merger-and-acquisition disclosure, LVMH URD 2024⁴, or SEC EDGAR pre-delisting filings² of Tiffany & Co. having acquired an Israeli-origin technology company.

7.3 Strategic Investments in Israeli Tech Startups or VC Funds

No public evidence was identified of Tiffany & Co. making direct strategic investments in Israeli technology startups or Israeli-focused venture capital funds. At the LVMH group level, Israeli startups have participated in the LVMH Innovation Award program via the Viva Technology ecosystem¹⁴; however, no public document attributes a specific Israeli-startup investment, integration, or partnership to the Tiffany & Co. maison specifically.

7.4 Patents & IP Co-Development with Israeli Institutions

A USPTO assignee search for “Tiffany and Company” returns design and jewelry-method patents¹⁵. No co-assignment, joint-filing, or licensing agreement with an Israeli university (e.g., Technion, Hebrew University, Weizmann Institute) or Israeli-domiciled entity was identified. No public evidence identified.

Civil Society Scrutiny & Regulatory History

8.1 NGO & Academic Reports on Technology Relationships

Neither the Who Profits Research Center database¹⁰ nor AFSC Investigate⁹ (both queried 2026) list Tiffany & Co. in connection with technology-related complicity in the occupied Palestinian territories. Tiffany has appeared in NGO and journalistic literature in relation to diamond and gemstone sourcing (Kimberley Process), which is outside the scope of the V-DIG technology audit.

8.2 BDS / Divestment Campaigns Targeting Tiffany’s Technology Provision

No public evidence was identified of BDS-movement or divestment campaigns specifically targeting Tiffany & Co. on the basis of technology provision. Tiffany does not appear on the BDS Movement’s consumer-boycott target list as of the 2026 query¹⁶.

8.3 Regulatory, Export-Control & Sanctions Actions

No public evidence was identified of regulatory, export-control, or U.S. Treasury OFAC sanctions actions relating to Tiffany & Co.’s technology sales to Israeli state entities — whether in pre-delisting SEC EDGAR filings² or in LVMH URD 2024 risk factors⁴.

8.4 Cybersecurity Incidents & Third-Party Vendor Exposure

Reporting in 2025 documented cyberattacks affecting LVMH maisons, including Dior and Louis Vuitton, with analysis of third-party vendor exposure at the group level¹⁷. No Tiffany-specific incident linked to an Israeli-origin vendor is identified in this coverage. The California Attorney General’s data-breach notification portal¹⁸ does not list Tiffany & Co. incidents tied to Israeli vendors.

9. Evidence Gaps & Audit Limitations

The following material gaps limit the completeness of this audit and should be noted for any downstream risk adjudication:

• Vendor-level opacity: LVMH does not publish a maison-by-maison IT vendor list. Tiffany-specific cybersecurity, EDR, SIEM, and cloud vendor identities — any of which could include Israeli-origin products — are not publicly disclosed³⁴.
• Store-level surveillance stack: Tiffany’s Privacy Notice⁷ acknowledges in-store CCTV and analytics but does not name technology vendors. No investigative reporting on the loss-prevention or surveillance vendor stack of Tiffany flagship stores was identified.
• Procurement records: As a private LVMH subsidiary since 2021, Tiffany has no ongoing public procurement disclosure obligation; SEC filings end at delisting² and the LVMH URD does not break out Tiffany IT procurement.
• Indirect Israeli-origin technology exposure: Major U.S. technology stacks in use at LVMH (Microsoft, Google Cloud, Cisco, Palo Alto Networks) include components or previously acquired Israeli-origin technology. Whether such components reach Tiffany operationally is not publicly documented and cannot be confirmed or excluded from open sources.
• Israeli retail market presence: Tiffany & Co. operates retail in multiple global markets. The existence, scale, and local IT vendor stack of any Israeli retail operations could not be confirmed from public sources surveyed.

End Notes