Advanced

Security and Trust Language

Document controls without unsupported compliance claims

Current Trust Statement

Use precise language:

  • Read-only source credentials are recommended
  • Connection secrets should be encrypted at rest
  • Encrypted connections should be used where the source supports them
  • Query and export actions should be logged where implemented
  • Receipts should state what was verified and what was not verified

Claims Not Made

Do not claim:

  • External security certification
  • HIPAA eligibility
  • Absolute client-only encryption architecture
  • Absolute data-residency claims
  • Always-accurate answers
  • AI cannot be wrong
  • Enterprise procurement readiness

Add those claims only after implementation, documentation, and review support them.

What a Receipt Proves

A receipt proves how a specific answer was produced:

  • Query or calculation text
  • Query fingerprint
  • Source context
  • Row counts where available
  • Evidence hash
  • Generated time
  • Source path and assumptions

A receipt does not prove upstream source completeness, universal metric correctness, or that a business decision is automatically correct.