Trust center

Verified controls, visible gaps, no certification theater.

This page reflects controls that can be traced to the running application and its configuration. Unverified legal, compliance, and enterprise claims are identified for review.

Live readiness

Backed by real auth, Redis, and streaming probes.

View system status
Available

Authentication

Firebase Authentication is paired with server-side Firebase token and session verification on protected APIs.

Available

Application data store

Chats, planning state, connector records, workflow state, and operational records use workspace-specific Redis keys where implemented. Team tenant isolation is not yet available.

Partial

Connector credential encryption

Connector credential storage is blocked until CONNECTOR_ENCRYPTION_KEY is configured.

Not available

Workspace RBAC and SSO

Company workspace roles, enterprise SSO, and artifact-level RBAC are not operational in the current product.

Partial

Audit logs

Connector governance and admin actions have scoped audit records. A complete organization-wide immutable audit log is not yet available.

Partial

Retention and deletion

Feature-specific retention exists for pitch decks, snapshots, shared chats, workflow runs, sessions, and chat memory. Account-wide export and deletion controls are not yet complete.

Review required

Training and data use

The application has no customer-content model-training pipeline. Provider contractual data-use terms and the public legal wording require counsel review.

Review required

Incident response and uptime commitments

Live technical readiness is published on the status page. No audited incident-response SLA, uptime guarantee, or service-credit commitment is asserted here.

Review required

DPA and subprocessor inventory

A DPA is not self-serve. The configured service inventory must be reconciled with contracts by counsel before publication as a formal subprocessor list.

Configured model providers

  • Google Gemini
  • Azure OpenAI
  • Anthropic models through Azure AI Foundry

Counsel and operations review

The formal privacy policy, terms, DPA, subprocessor inventory, retention commitments, incident process, and any enterprise security representation require owner and counsel approval before they should be treated as contractual commitments.

Runtime control snapshot generated 7/14/2026, 1:39:15 PM UTC.