Security

A factual trust surface, built with the same proof grammar as the product.

This page is a trust-center spine: data boundary, tenant isolation, encryption/key management, audit logs, subprocessors, disclosure channel, and public status.

Boundary

Public website

Public artifacts stay sanitized

Marketing pages use approved screenshots, demo iframes, and factual trust copy rather than private tenant data.

Controls

Claim register

Security claims carry publication state

Every security statement should be either public, gated, roadmap, or blocked until reviewed evidence exists.

Access

Login-bound docs

Buyer proof is scoped by request

Docs, proof packs, and trust artifacts route through access controls when the material is workspace-bound.

Review

Quarterly or product-triggered

Trust pages get re-reviewed on product change

Security copy should update when source coverage, subprocessors, or control boundaries change.

Trust proof component

Trust claims show collection mode and evidence tier.

Security, federal, and trust-center pages need evidence confidence more than animation. This insert uses attestation tier and framework mode rather than decorative commercial blocks.

EvidenceTrustCard + EvidenceShield

Evidence trust

T1: Hardware-attested, Pass, Fresh 18h
T2: Software-attested, Pass, Fresh 2d
T3: API-verified, Review, Fresh 4d
Hash-chain verified across the export window.

FrameworkModeStack

Evidence-mode coverage

Automated: 62
Assisted: 24
Manual: 14

Data boundary

Public pages use sanitized product artifacts and do not expose private source-adapter behavior, tenant data, or customer-specific claims.

Tenant isolation

Marketing copy should state product boundaries factually and link to audited product evidence when available.

Encryption and keys

Security language remains factual until a reviewed trust-center artifact is published.

Audit logs

Claim-review sign-off artifacts record reviewer, date, exact claim text, evidence, publication state, and re-review date.

Subprocessors

List only reviewed subprocessors and publication status in the trust-center surface.

Disclosure channel

Route security inquiries to security@valty.ai and keep response claims factual.