security

Defensible by design.

Estimators get sued when scope is missed. We built the audit trail that makes the deliverable defensible.

If anyone asks where a finding came from, we hand them the receipt.

your bid's audit chain · live from the database

event · S0_INGEST · 8f3a..b2c1
event · S1_PROBE · c4d2..9f08
event · S2_SCAN · a701..3d4e
event · S3_VERIFY · e092..771a
event · REJECT_FLASH · b550..2204 · 2 findings dropped
event · S5_SYNTH ✓ · 771f..40b9

verifyChain(db, bidId) → ok · runs in < 200ms · readable by your CTO at 2 a.m.

TAMPER-EVIDENT

Each event hash includes the previous event's hash. Change one event and the whole chain breaks visibly.

REJECTIONS PRESERVED

AI findings that failed citation verification are kept in findings-rejected.jsonl. Forensic trail intact.

YOUR BIDS STAY YOURS

Never used to train a model. Run inside our managed environment or self-host the pipeline on your infrastructure.

01 · The audit chain

Every step appends a SHA-256-chained event.

When we ingest a bid, every state transition gets a hash. Each hash includes the previous hash. A single tampered event breaks the chain. We expose verifyChain(db, bidId) — your CTO can recompute it from the raw events in under 200ms.
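The chaining described above, as an added example that is not the product's own code: the event schema, the genesis value and the names `appendEvent`, `verifyEvents` and `sampleChain` are assumptions, since the page does not show how verifyChain is implemented. It also accepts a head hash stored outside the database, because a chain that has been truncated at the tail or rehashed end to end still verifies on its own.

```javascript
const { createHash } = require('node:crypto');
const GENESIS = '0'.repeat(64); // assumed prevHash for the first event

// Deterministic JSON: object keys sorted, so the same event always hashes the same.
function canonical(v) {
  if (Array.isArray(v)) return '[' + v.map(canonical).join(',') + ']';
  if (v && typeof v === 'object') {
    return '{' + Object.keys(v).sort()
      .map((k) => JSON.stringify(k) + ':' + canonical(v[k])).join(',') + '}';
  }
  return JSON.stringify(v);
}

// hash = SHA-256(prevHash || canonical(event body)); field names are assumptions.
function hashEvent(prevHash, { seq, bidId, type, payload }) {
  const body = canonical({ seq, bidId, type, payload });
  return createHash('sha256').update(prevHash).update(body).digest('hex');
}

function appendEvent(chain, bidId, type, payload) {
  const prevHash = chain.length ? chain[chain.length - 1].hash : GENESIS;
  const body = { seq: chain.length, bidId, type, payload };
  chain.push({ ...body, prevHash, hash: hashEvent(prevHash, body) });
  return chain;
}

// Recompute every link. expectedHead is a head hash stored outside the database;
// without it, truncating the tail or rehashing the whole chain goes unnoticed.
function verifyEvents(events, expectedHead) {
  let prev = GENESIS;
  for (let i = 0; i < events.length; i++) {
    const e = events[i];
    if (e.seq !== i) return { ok: false, at: i, reason: 'sequence gap' };
    if (e.prevHash !== prev) return { ok: false, at: i, reason: 'broken link' };
    if (hashEvent(prev, e) !== e.hash) return { ok: false, at: i, reason: 'hash mismatch' };
    prev = e.hash;
  }
  if (expectedHead !== undefined && prev !== expectedHead) {
    return { ok: false, at: events.length, reason: 'head mismatch' };
  }
  return { ok: true, head: prev };
}

// Constructed sample chain using event names shown on this page.
function sampleChain() {
  return ['S0_INGEST', 'S3_VERIFY', 'REJECT_FLASH']
    .reduce((c, type, i) => appendEvent(c, 'bid-001', type, { step: i }), []);
}
```

The `at` index in a failed result points to the first event whose link no longer recomputes, which is where a forensic review would start.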

02 · Citation verification

If a finding isn't word-for-word in the source, it doesn't ship.

After the LLM emits a finding, our verifier reads the cited page from the original PDF and looks for the evidence snippet. Match → confidence 0.9, ships in the brief. Whitespace-normalized match → 0.7, ships with a note. No match → permanently removed from the deliverable and copied to findings-rejected.jsonl.

03 · Your bids stay yours

Never used to train. Run on your infra if you want.

The pipeline doesn't store training data. Standard plans run inside our managed environment with end-to-end encryption in transit. Enterprise plans can self-host — the entire pipeline ships as code you run on your own infrastructure.

security questions

What CTOs ask before signing.

How does the SHA-256 audit chain work?
Every state transition in the pipeline emits an event. Each event hash includes the previous event hash, forming a chain. A single tampered event breaks the chain. Your CTO can recompute the entire chain from the raw events in under 200ms with verifyChain(db, bidId).

What happens to findings the verifier cannot match?
They are permanently removed from the deliverable and copied to findings-rejected.jsonl with full context: the original LLM output, the cited page, the search snippet, and the failure mode. The rejected log ships alongside the brief so you can audit what was filtered out.

Do you train models on customer bids?
No. Customer bids are never used as training data. The pipeline calls hosted LLM endpoints with data-retention disabled where supported, and customers can self-host the pipeline so bids never leave their infrastructure (see below).

Can we self-host the entire pipeline?
Yes. We license the entire pipeline as code that runs on your infrastructure (Linux or macOS). We ship updates; your bids and outputs never touch our servers. Email [email protected] for licensing terms.

What is your SOC 2 status?
SOC 2 Type II is in progress. Customers requesting SOC 2 docs receive our current control matrix, security questionnaire, and self-hosting option in the meantime. Email [email protected] for the data room.

send your next bid · free

We'll analyze it for free.

Email it over, or paste a shared link. Read by an estimator within 1 business day. If it earns its keep, $249 next time.

🔒 Confidential. Your bid never trains a model. We never sell or share bid data.