Current-state trust center

The trust center is a ledger, not a brochure.

Status: This page is intentionally conservative. It lists what is currently proven, what is planned, and what remains blocked. It is not an external audit packet.

Production deploy

Validated

Current production was deployed through remote GitHub Actions and Cloud Run with SHA-tagged API/web images and recorded revisions.

Evidence: M088

Public UI health

Validated with caveats

Public root, sign-in, unauthenticated redirects, request-access modal, responsive spot checks, and API health were tested in production.

Evidence: M088

Authenticated value

Blocked

Authenticated app value cannot be claimed until a production test tenant and passkey identity are available and tested.

Next: test tenant

Compliance claims

Not claimed

SOC 2, ISO, HIPAA, GDPR, PCI, DORA, NIS2, external audit, and SLA claims require separate evidence before they can be public claims.

Next: audit artifacts