Read-Only Glass Vault A transparent cube containing source-citation marks, with cyan attribution rays leaving the vault while no signals enter, and a lime READ-ONLY badge clipped to the side. " " " AUDIT LOG · IMMUTABLE · TIMESTAMPED 14:02:11 read contracts/A0291 ok 14:02:14 read shipments/9342 ok 14:02:18 read inventory/H100 ok READ-ONLY NO WRITES Trust Center

Built for the operator who can't afford a leak — or a hallucination.

For your security team. Architecture, data handling, certifications status, and the contractual protections we extend to design partners. The wording for each item makes the distinction between what ships today, what's on the roadmap, and what we haven't yet earned — no fudging.

A note on stage

Design-partner stage, May 2026. SOC 2 Type II audit is planned, not yet initiated. ISO 27001 is architected against, not yet certified. Aspirational claims on this page are labeled as such.

Stage honesty

Six things that aren't yet true — and our answer for each

OpsATC.AI is at design-partner stage, May 2026. Pretending otherwise insults sophisticated buyers and erodes the trust the platform is built to earn. The six honest acknowledgments below are not concessions — they're the foundation of the architectural commitments that follow on this page.

Pre-revenue

We have not yet earned revenue.

Every architectural decision is in the design-partner contract and on this page before any money changes hands. Pilot fee is refundable as a 6-month monthly rebate against a 2-year contract. The financial commitment is structured to protect the buyer.

Single founder (today)

Brian Weisburd is the sole operator until the founding senior engineer onboards in June 2026.

The senior engineer hire is the gating event for MVP. Until that hire lands, the architecture, ADRs, and platform code are governed under the same change-control discipline that will scale. The team-of-one constraint is visible — and is part of what's being de-risked under the design-partner pilot. The contractual contingency if the hire slips is named in the callout below.

MVP not yet shipped

The MVP is scheduled for July 1, 2026 — not live today.

Architecture is complete. 839 platform adapters in the catalog (141 production-built, contract-tested Tier-1 connectors — each with a real read verified in CI against synthetic fixtures — ~700 honest-stage scaffolds elevating per customer signal, plus 8 generic adapters bridging anything not yet in the catalog); 30 accepted ADRs; 644 entries in the write-gate registry (634 Tier-2 high-risk + 10 low/medium static, default-deny); 53 schema migrations; The Captain orchestrator state machine, Trusted Advisor doctrine, and Data Quality Detection Layer specified in code. The first design-partner pilot proves the architecture; GA on January 1, 2027 proves repeatability.

SOC 2 planned, not earned

SOC 2 Type II audit begins Q4 2026; ISO 27001 follows in Q2 2027.

Control framework is implemented today. The audit is a documentation exercise against existing controls, not a discovery exercise. We will not claim certifications we have not earned, and we will publish each one on this page the moment it is awarded — see Section 01 below.

No public design partners

We have not yet named a design partner publicly.

Design-partner contracting is in flight as of May 2026 across distribution, contract manufacturing, integrators, storage OEMs, hybrids, logistics, and hub providers. Named partners will appear here with their explicit consent — never as marketing. The first named partner will be a milestone, not an announcement.

ADR catalog not yet public

The 30 accepted ADRs are summarized by topic in Section 03 below but not yet published as a public index.

Full ADR catalog (titles, owners, status, rationale) is available to design partners under NDA at pilot kickoff. Public ADR publication is on the post-GA roadmap — once the ADR set is stable and we are no longer iterating fast enough that a public index would lag the code.

Founder-slip contingency · contractual

What happens if the June 2026 senior-engineer hire doesn't onboard on time.

If the June 2026 hire slips, every design-partner timeline slips proportionally — communicated in writing within five business days of the slip and reflected on this page within the same window. We will not run a hidden recovery. The dependency between the senior-engineer hire and MVP-readiness is named here so it stays named when a delay matters.

Unwind trigger. If the senior engineer has not onboarded by June 30, 2026, the design partner may terminate the pilot agreement without penalty within ten business days of written notice. The contractual unwind is named in the master-agreement template; we will not rely on goodwill to protect a buyer whose pilot is dependent on a hire we have not yet closed.

Your data is dirty · operational reality

Every operation's data is dirty when we start. The Captain doesn't pretend otherwise.

Stale records. Missing identifiers. Duplicate keys. Two source-of-truth systems disagreeing about the same SKU. Schema drift from a vendor update no one announced. Reference-data gaps the prior tool quietly worked around. The legacy answer is a six-month data-cleanup project before useful output. We took a different path.

The Captain Data Quality Detection Layer (architected in ADR-0023, landed in migration 0015) runs continuously: a baseline scan at MCP connect, inline checks on every read, scheduled background sweeps per record type, and operator-triggered deep dives. Findings surface through the Trusted Advisor card alongside the answer they affect — severity-graded so operators are not trained to ignore them. The platform produces value on day one. The cleanup happens in parallel, prioritized by operational impact, owned by the operators who already know the records best. Full Data Governance architecture →

The pattern is the same in every case: the gap between the claim and the proof is acknowledged, measured, and on a calendar. Each acknowledgment here is a milestone we report against on this page as we close it. Buyers who need every gap closed before signing are not yet our buyers. Buyers who can read an architecture and weigh it against a roadmap are.

01 · Certifications & Compliance

A clear runway, not a checklist

OpsATC.AI is architected against SOC 2 Type II and ISO 27001 from day one. The control framework is implemented. The formal audit is planned, not yet initiated. We will not claim certifications we have not earned, and we will publish current status on this page as each one is awarded.

Compliance frameworks, current audit status, and target completion dates for OpsATC.AI certifications.
FrameworkStatusTarget
SOC 2 Type IIAudit plannedQ4 2026
ISO 27001:2022Architected againstQ2 2027
HITRUST CSFOn roadmap2027
GDPRDPA available on requestOngoing
CCPA / CPRADPA available on requestOngoing
FedRAMP / IL4Not in scope

Industry-specific attestations (CMMC, ITAR, HIPAA where applicable) considered on a per-customer basis during design-partner contracting. Reach out to [email protected] before evaluation if your industry requires a framework not listed above.

Independent back-end audit

An independent, read-only back-end security audit completed 2026-06-16 (six parallel forensic reviewers with disjoint scope, lead verification at each cited file:line). A focused remediation wave closed all six Critical findings — covering tenant-provisioning authorization, connector-credential encryption at rest, race-free cost governance, scheduler retry and dead-letter handling, SSRF and cloud-metadata egress guards, and Row-Level Security fail-closed. A re-audit confirmed the closures. Third-party penetration test is scoped post-design-partner stage. Audit summary and remediation evidence available to design partners under NDA.

Regulatory disclosure

Every Captain first-session interaction includes the verbatim sentence "I'm The Captain, an AI assistant powered by Anthropic's Claude." Every Captain response surface — chat reply, recommendation card, Logbook entry, daily workbench tile — carries a persistent footer reading "Powered by Anthropic's Claude." This disclosure is enforced at the React component level — the surfaces cannot render without it — and is designed to satisfy the Anthropic Acceptable Use Policy (effective 2025-09-15), EU AI Act Articles 4 and 50, California SB-1001, and FTC Section 5 anti-deception guidance simultaneously. Procurement and legal teams can verify the implementation under NDA.

02 · Tenant Isolation

Tenant isolation, by design

Per-customer data isolation is enforced at every layer: storage, query, model context, embeddings, audit, key management. No cross-tenant fine-tuning. No "shared learnings" leaking one operator's IP into another's recommendations. Architecturally, one customer's view never crosses another's.

What this means concretely

Pilot scope below describes the controls shipping with the first design-partner deployment. Production hardening lands post-pilot.

  • Logical isolation at the database row level, enforced by tenant ID on every query path; no application-level join can cross tenants. (Implementation complete; deployed with the first design-partner pilot.)
  • Per-tenant credential encryption at rest — customer credentials are encrypted with pgcrypto using per-tenant HKDF-derived data keys today. A refuse-to-boot guard forbids the dev env-key strategy in production. The cryptographic primitive is live; a leak of one tenant's key has no effect on any other tenant — by design. Architected but not yet deployed (ADR-0014 Phase-7 target): cloud-managed KMS master keys (production currently uses an environment-provided master key, not a live KMS). The externalized KMS layer (customer-controlled AWS/GCP/Azure backends, automated key rotation, HSM-backed master keys, formal CMK lifecycle) hardens with production deployment, post-pilot.
  • Rate limiting posture (honest read) — the adapter egress limiter is in-memory and per-(tenant, provider), wrapped around every outbound call to keep us within the customer's published API limits. On the serverless deployment it is a per-invocation bucket, not a cross-instance ceiling. The GraphQL inbound limiter is in code but installed only on the long-running Fastify path, not on the customer-facing Vercel serverless adapter. Distributed per-tenant rate limiting that protects against noisy-neighbor behavior is architected (ADR-0012 access family, Redis-backed variant landed in code) but not yet deployed; it lands with production hardening, post-pilot.
  • Model context boundaryThe Captain's per-request context window is loaded only with the active tenant's data; tenant ID is enforced at the prompt construction layer, not just at retrieval.
  • Customer-tenant configuration exposed in the Admin Portal so isolation policy is auditable directly by your team during the pilot, not via a screenshot in a sales deck.

Provisioning posture today

  • 5 tenants currently provisioned on Neon PostgresOpsATC.AI's own dogfooded tenant plus 4 demo environments. Pre-revenue, design-partner stage. Production tenant slots open at pilot kickoff.
  • Row-Level Security at the database layer — RLS baseline applied at migration 0017 (enable_rls_baseline); migration 0035 makes RLS fail-closed — a query with no tenant context returns zero rows via an all-zeros sentinel, not every tenant. Logical isolation is database-enforced, not application-enforced.
  • Tenant isolation is tested, not asserted — a 49-test integration suite boots under a restricted no-BYPASSRLS database role so RLS actually engages, and includes a fail-closed canary that asserts a no-tenant-context query returns zero rows. Isolation is a tested invariant, not a prose promise.
  • JWT in HttpOnly cookie only (T11 migration complete 2026-06-10). Authentication tokens never appear in URL params, never in localStorage. SSO callback drops the legacy ?token= URL pattern. XSS-resistant by construction.

Encryption, transport & egress posture today

A precise read on what is code-enforced on the running stack right now (Vercel + Neon Postgres + Railway, single-region), what is architected but not yet deployed, and what is on the roadmap. The labels matter — we do not market roadmap as live.

In place today — code-enforced on the running stack

  • Multi-tenant Postgres Row-Level Security
  • Read-only Trusted-Advisor doctrine with two-tier CI enforcement
  • Append-only audit log (UPDATE/DELETE revoked from the application role)
  • Per-tenant egress allow-list
  • A TLS 1.2+ (AEAD) floor with mTLS and per-adapter certificate pinning supported in the egress client. We do not force TLS 1.3, which would break older customer endpoints.
  • Customer credentials encrypted at rest with pgcrypto and per-tenant HKDF-derived data keys
  • A refuse-to-boot guard forbidding the dev env-key strategy in production
  • CAIQ / SIG / VRA pre-fills mapped to specific ADRs
  • GDPR + CCPA architectural controls
  • A read-only-scoped DPA template

Architected but not yet deployed

  • Cloud-managed KMS master keys (ADR-0014 Phase-7 target) — production currently uses an environment-provided master key, not a live KMS
  • Multi-AZ database failover (ADR-0014 Phase-7 target)
  • Static egress IPs (ADR-0014 Phase-7 target)
  • A managed WAF in front of /graphql (ADR-0014 Phase-7 target)
  • Distributed per-tenant rate limiting on the customer-facing serverless path (ADR-0012 access family) — the GraphQL inbound limiter is in code but installed only on the long-running Fastify path, not on the Vercel serverless adapter that serves customer requests. The per-(tenant, provider) adapter egress limiter is in-memory and single-instance — an outbound courtesy to respect customer API limits, not a cross-instance ceiling. The Redis-backed distributed variant landed in code but is held for production hardening, post-pilot.

Roadmap, not running. We will not market these as live until they ship.

On the roadmap, honestly

  • SOC 2 Type II is not yet certified — no audit booked
  • ISO 27001:2022 control mapping is in progress; certification follows SOC 2
  • HIPAA / BAA and FedRAMP are out of scope at launch
  • Third-party penetration test scoped post-design-partner

OpsATC.AI is pre-revenue with no live paying customers and no SOC 2 certificate today. We will not claim certifications we do not hold, customer counts we do not have, or operational metrics we have not measured. The honesty is the differentiator.

Vertical configurations — one customer, one vertical

Seven vertical configurations are pre-tuned in the platform. One customer = one vertical configuration, not a forked codebase. Each vertical pre-tunes navigation, KPIs, recommendation prompts, and connector defaults for that supply-chain role:

  • Distribution
  • Contract Manufacturing
  • Hybrid Manufacturing + Distribution
  • Storage / OEM
  • Integrator + Customer Network
  • Logistics + 3PL
  • Hub Provider

Forking the codebase per customer creates a maintenance nightmare. Pre-tuned vertical configs keep the platform unified while letting each customer's surface match their operating model.

03 · Architecture Decisions

Architecture decisions, by topic

Skeptical buyers want to see what the platform has actually decided, not just what it markets. OpsATC.AI maintains 30 accepted Architecture Decision Records (ADRs) in docs/adr/, each immutable after acceptance. The nine domains below summarize what those 30 records collectively govern; the records themselves carry rationale, alternatives weighed, trade-offs accepted, owner, and status, and are shared in full to design partners under NDA.

The ten domains the 30 accepted ADRs cover

  • Multi-tenant data isolation — Postgres row-level security enforced at every query; tenant boundary is a database-level invariant, not application-level.
  • MCP adapter architecture — Model Context Protocol as the integration layer; per-connector capability + scope + write-gate registry.
  • Captain orchestrator state machine — bounded state graph + selectTools chokepoint + per-operation routing; one orchestrator path per workflow, not free-form agent loops.
  • Trusted Advisor doctrineThe Captain reads systems of record; writes route through a human-gated approval queue; no autonomous writes to customer systems.
  • Data quality detection — layered detection (baseline → inline → scheduled → on-demand) of the six issue classes that erode operator trust: stale records, missing identifiers, duplicate keys, contradictory source-of-truth values, schema drift, and reference-data gaps. Per ADR-0023.
  • Security controls — five control families. Live today: per-tenant egress allow-list; a TLS 1.2+ (AEAD) floor with mTLS and per-adapter certificate pinning supported in the egress client (we do not force TLS 1.3, which would break older customer endpoints); secrets management via pgcrypto with per-tenant HKDF-derived data keys. Architected but not yet deployed: cloud-managed KMS master keys (ADR-0014 Phase-7), distributed per-tenant rate limiting on the customer-facing serverless path (ADR-0012 access family), static egress IPs, and a managed WAF in front of /graphql.
  • Privacy & PII Protection — four-tier sensitivity taxonomy applied at the connector boundary. The Forbidden tier (SSN, passport, bank account, ICD-10 diagnosis codes linked to identity, GDPR Article 9 special categories, 42 CFR Part 2 substance abuse records, COPPA minors data) is structurally inaccessible, regardless of customer consent or administrative override. The Identifying tier (names, employee numbers, customer IDs) requires four-gate approval — express written customer permission, signed DPA, per-tenant policy flag, two-person admin approval, all audit-logged. Per ADR-0031.
  • Token governance — per-tenant prompt-cache partitioning, per-tenant token budgets, per-operation model routing with admin policy knobs.
  • Live-read architecture — connectors integrate without ingesting source data into a central lake; The Captain queries source systems live; no shadow-copy retention.
  • Network Federation doctrine — two adjacent-layer tenants in a real-world business relationship can share a specific slice of operational data (e.g., ASN status for one customer's orders, demand for one supplier's parts) through OpsATC without either side losing read-only posture, tenant isolation, or audit. Bilateral acknowledgment required before any data flows; scope is enumerated as canonical entities plus a filter predicate; every cross-tenant read writes a federation.read audit event visible to both tenants; either side revokes unilaterally and instantly. Per ADR-0022. Honest-stage framing: internal-only today and design-partner-gated for the first external use.

Five operating rules we hold ourselves to

Architecture Decision Records describe what we've decided. Operating rules describe what we hold ourselves to — explicit organizational rules, internally enforced across every conversation, every commit, every dispatch. The five we publish:

  • Honest-stage discipline. Never invent customer counts, quotes, shipped-feature status, or operational data. Pre-revenue framing is explicit. The honest-stage banner above is anchored to a code constant in packages/types/src/compliance.ts.
  • AI output verification. Every AI agent finding is independently verified by a primary reviewer before acting on it. Subagent claims do not bypass primary judgment.
  • Four-tier sensitivity model (ADR-0031). Forbidden PII — Social Security numbers, passport numbers, bank account numbers, PHI — is NEVER accessible regardless of consent. Identifying data (names, employee numbers) requires explicit written per-tenant permission. Operational data is default-allow; public data is unrestricted.
  • Verbatim AI disclosure. Every Captain first-session message includes the exact string "I'm The Captain, an AI assistant powered by Anthropic's Claude." Satisfies Anthropic AUP (effective 2025-09-15), EU AI Act Article 4/50, California SB-1001, and FTC Section 5 anti-deception simultaneously.
  • Single-writer discipline. Only one development conversation modifies a given working tree at a time. Prevents parallel-write corruption and silent commit interleaving. Discovered the hard way; codified after.

These five are a subset of nine operating rules codified internally; four are engineering-discipline rules less relevant to a buyer audience. The full set is shared to design partners under NDA at pilot kickoff.

The full ADR registry (30 accepted records as of 2026-06-13, with rationale, alternatives weighed, trade-offs accepted, owner, and status) is available to design partners under NDA at pilot kickoff. Reach out for architectural deep-dive sessions during contracting.

04 · Audit Trail

Audit trail — structured logging and write-gate enforcement

Every Captain event — every read, query, recommendation, and human decision — is designed to be tied to a user, a role, a source system, and a timestamp. Write-gates are enforced in code; all gate decisions are logged. The design-partner pilot delivers structured audit logging with write-gate enforcement. Production hardening (post-pilot) adds persistent forensic-grade audit storage with cryptographic chain-of-custody and export in formats accepted by regulated-industry auditors.

What the audit trail captures

Capture surface designed for the design-partner pilot. Specific fields are finalized per pilot during onboarding.

  • User action log — every action a human user takes in any portal, with role context and source IP.
  • Agent activity log — every tool call The Captain makes, every system of record she reads from, every query and recommendation, with the prompt and response retained.
  • Approval trail — every human-in-the-loop approval, with approver identity, timestamp, scope authorized, and any limits configured.
  • Source citations — every recommendation includes the systems and records it was derived from, retained alongside the response.
  • Configuration changes — every change to tenant configuration, role assignments, integration settings, or workflow rules.

Retention & export

Target retention is 7 years for audit-relevant records, configurable per tenant. Export formats planned: JSON, CSV, and SIEM-compatible streams (Splunk HEC, Elastic, Datadog). Historical export via the Admin Portal lands with production hardening, post-pilot.

Security roadmap

Phase 1 controls ship during the design-partner pilot. Phase 2 hardening is implemented during the pilot and shipped before production deployment. We do not market completed Phase 2 controls as live until they ship — and we do not market Phase 1 as production-live until a paid pilot is in flight.

OpsATC.AI security controls by phase: Phase 1 (design-partner pilot scope) and Phase 2 (production hardening).
ControlPhase 1 (Pilot scope)Phase 2 (Production hardening)
Read-only doctrine (ADR-0020)Enforced via write-gates registryCI lint enforcement on all adapters
Per-tenant credential encryptionHKDF-SHA256 with platform-managed rootAWS/GCP/Azure KMS integration + Terraform IaC
Write-gates registryCode enforcement + CI checkAutomated PR linting for unregistered writes
Multi-tenant RLS isolationPostgres RLS + context enforcementRLS chaos test suite
Adapter input validationJSON Schema on tool definitionsSAST/ESLint injection linting
Token lifecycle managementShort-lived JWTs + strict signature verificationTiming-safe token comparison (crypto.timingSafeEqual)
Egress allow-list enforcementSpecified in ADR-0012; not yet wired to HTTP layerURL validator in adapter HTTP calls + integration tests
Audit loggingStructured logging to console + write-gate trackingPersistent DB storage with immutable append
Audit log retention & exportOn-demand export via Admin PortalAutomated SIEM streaming (Splunk, Elastic, Datadog)
Rate limitingIn-memory per-tenant limiter (dev-only)Redis-backed token-bucket limiter across pods
Response schema validationDeclared; not yet enforcedMax depth/size/array limits per adapter + DoS guards
Webhook HMAC signingDeclared in architecture; not yet implementedSignature verification helper library for adapters

What this means for a pilot today. Phase 1 controls are sufficient for a single-tenant design-partner pilot running against your sandbox or staging environment. Phase 2 hardening is a precondition for production-data deployment and ships before any pilot transitions to live operations of record. Phase 1 vs Phase 2 status for each control is reviewed jointly with your security team during pilot scoping; we will not run against production data on Phase 1 alone.

05 · Human-in-the-Loop

Read-only by doctrine. The clicks belong to the operator.

The Captain is read-only against every system of record. She reads, reasons, cites, and recommends. She does not issue POs, reroute shipments, or post journals — those clicks belong to the operator. This is doctrinal, not a default: OpsATC.AI is not building write capability against customer systems of record. The clicks are yours, permanently.

How this works in practice

  • Default mode: advisory. The Captain drafts, recommends, and cites. Nothing changes in your systems of record unless a human user clicks approve.
  • OpsATC writes only to its own application data. Notes, scheduled prompts, configuration, draft artifacts (emails, briefs) that you review and send from your own system. Never outbound to your ERP, Kinaxis, Salesforce, or any system of record.
  • Approval audit. Every approval is logged with approver identity, scope, and any limits. Structured logging is captured during the design-partner pilot; SIEM streaming (Splunk HEC, Elastic, Datadog) lands with production hardening, post-pilot.
  • Kill switch. The Admin Portal is designed to expose a per-workflow disable that immediately pauses The Captain from generating recommendations on the affected workflow. Implementation completes during the design-partner pilot.

The read-only doctrine is defense-in-depth across three layers. First, every adapter that exposes a high-risk write tool declares it in packages/mcp-core/src/write-gates.ts — currently 644 entries (634 high-risk Tier-2 + 10 low/medium static), default-deny with audit trail. Most high-risk writes don't have an executable code path at all (Tier-1 enforcement — the adapter class never wraps them in executeWithGate()); the Tier-2 registry shown here is the second defense layer. Second, The Captain's tool-selector filters high-risk writes out before any tool list reaches the model. Third, a CI lint denies any pull request that adds an unregistered write tool. The architecture is governed by 30 accepted ADRs in docs/adr/, each immutable after acceptance. The Captain's behavior is validated by a golden-prompts eval harness that runs nightly in CI against a curated 30-prompt set, with a deterministic grader that self-tests its own reproducibility on every run; failures post to the workflow summary and gate the next release.

06 · Data & Workforce

What we won't do with your data or your team.

Two commitments hold together: your operational IP is never used to train any third-party model, and the team running your operation is never the metric we optimize against.

On your data

  • No foundation-model training on customer data. Anthropic's API terms forbid it; the OpsATC.AI master-agreement template reaffirms it.
  • Process improvements stay yours. The Process Intelligence Engine is designed to surface bottleneck patterns and ROI calculations identified inside your tenant; those findings are your operational IP, not platform-level features we resell.
  • De-identified telemetry only. Platform-improvement analytics (latency, error rates, feature usage) is designed to be aggregated and de-identified before it reaches our engineering systems; the telemetry pipeline ships during the design-partner pilot.
  • For cross-tenant isolation specifics — fine-tuning, embeddings, key management — see Section 02.

On your team

The OpsATC.AI master-agreement template explicitly does not include a headcount-savings clause. The outcomes we measure are cycle time, OTIF, exception MTTR, onboarding velocity, and decision compression — never seats eliminated. The objective is to amplify operators you already have, not to enable their replacement. The master-agreement template includes the commitment in writing; design partners receive it under NDA before contracting.

07 · Residency & Sub-processors

Where your data lives — regions, retention, third parties.

Hosting is on AWS, US regions, with EU and APAC residency on the production roadmap. Design partners receive written commitments on residency, retention, and sub-processor changes in the master-agreement template.

Regions & status

Data-residency regions, current pilot status, and notes on availability for OpsATC.AI hosting.
RegionStatusNotes
US (us-east-1, us-west-2)Primary target region · PilotMulti-AZ topology; primary & DR architected for production hardening, post-pilot.
EU (eu-west-1, eu-central-1)RoadmapTargeted Q1 2027 · GDPR-aligned
APAC (ap-southeast-1)RoadmapTargeted Q3 2027
Customer-dedicated VPCAvailable for design partnersPer-tenant deployment by request

Retention defaults (master-agreement template)

  • Operational data: retained for the term of the agreement; deleted within 30 days of termination unless otherwise specified.
  • Audit logs: 7 years (configurable to longer for regulated customers).
  • Backup snapshots: 35 days rolling target, encrypted at rest with per-tenant keys; the rolling-snapshot schedule lands with production hardening, post-pilot.
  • Customer-initiated deletion: subject-of-data requests fulfilled within 30 days.

Sub-processors

Every third party that may touch customer data. Additions are communicated to design partners 30 days in advance with an objection window per the master-agreement template. Status reflects current platform integration; design partners receive the as-deployed list before pilot kickoff.

Third-party sub-processors, the purpose each serves, the data they handle, their hosting region, and current integration status.
ProviderPurposeData handledRegionStatus
Amazon Web ServicesCompute, storage, networkAll customer data (encrypted)US (EU/APAC on roadmap)Connected
AnthropicFoundation model inference (Claude)Per-request prompt + retrieval contextUSConnected
StripeBilling & payment processingBilling contact, payment methodUSConnected
FormspreeForm intake / lead capture (newsletter signups, demo requests)Submitted form fields (name, email, message)USConnected
SendGrid (Twilio)Transactional emailUser email address, notification contentUSPlanned (pilot)
DatadogApplication monitoringDe-identified platform telemetryUSPlanned (pilot)
1PasswordInternal secret managementNo customer dataUSConnected

Last updated: May 2026.

08 · When Something Goes Wrong

Disclosure, response, timing.

Two channels for "something is wrong": researchers and customers reporting a vulnerability they found, and the internal incident path when we detect one ourselves. Both have written commitments below.

Vulnerability disclosure — for researchers and customers

Target acknowledgment within one business day. Target triage status within five business days. No legal action against good-faith researchers who follow this policy. These targets become contractual SLAs from the design-partner pilot onward via the master-agreement template.

In scope

  • opsatc.ai and any *.opsatc.ai production subdomains
  • The OpsATC.AI mobile and web applications
  • The MCP connector framework and published adapter SDK
  • Authentication, authorization, tenant isolation, and audit-trail integrity

Out of scope

  • Vulnerabilities in third-party services we use (please report to that vendor; we will coordinate)
  • Issues requiring physical access, social engineering, or denial-of-service testing
  • Best-practice findings without a demonstrable exploit path

How to report

Email [email protected] with a clear technical description, reproduction steps, and the impact you observed. PGP key issued on request once first design-partner contracting begins. Researchers will be credited in security acknowledgments — that page is published as soon as the first valid report is received.

Incident response — when we detect it

Procedures are documented; the first tabletop rehearsal is scheduled before the first design-partner pilot goes live. Customer-notification timelines below become contractual commitments via the master-agreement template.

Notification timing (master-agreement commitments)

  • Sev-1 (confirmed customer data exposure or loss): notification to affected customers within 24 hours of confirmation, with regulatory authorities notified per applicable jurisdiction (GDPR Article 33, state laws).
  • Sev-2 (security incident with potential customer impact): notification within 72 hours of confirmation.
  • Sev-3 (security event with no customer impact): disclosed in the next monthly security update; included in the public incident log, which is published from the first design-partner pilot onward.

Response capacity

At the design-partner stage, the founder is the on-call line. Response timing is human-paced, not 24/7 SOC-paced — committed in writing via the master-agreement template. Current on-call structure is published on this page as it evolves.

09 · Change-of-Control

Strategic independence, in writing

OpsATC.AI is built to operate independently of any single distributor, ERP vendor, or supply-chain platform. The master-agreement template includes explicit change-of-control protections so an acquisition cannot leave you stranded.

Design-partner change-of-control terms (master-agreement template)

  • Perpetual license to the version of the platform you are running at the moment of an OpsATC.AI change-of-control event.
  • Source-code escrow with a recognized third-party escrow agent. The escrow account is established at the first design-partner contract execution; release triggers include change-of-control, business-continuity events, and material breach.
  • Defined transition window — no less than 12 months — during which the platform continues to operate at current pricing and SLA terms regardless of acquirer intent.
  • Right of first refusal on data extracts, configuration exports, and tenant-isolation guarantees during the transition.

These terms live in the master-agreement template, not in a sales deck. Available for review under NDA prior to design-partner engagement.

10 · Portability & Exit

Built to be replaced — gracefully

Every connector is designed to ship with a documented schema. Every workflow is designed to export as YAML. Every audit log is designed to be portable. We don't trap data, and we don't lock you in. The fastest way to lose a long-term customer is to make them feel imprisoned, so we are building the exits in parallel with the entrances. Export capabilities are available from the first design-partner pilot onward.

What you can take with you

  • All customer data, in JSON or CSV, via the Admin Portal export — target latency in minutes, available from the design-partner pilot onward.
  • Workflow definitions exported as portable YAML, suitable for re-import to a different orchestration platform.
  • Audit logs, complete history, via the same export channel.
  • Connector schemas documented for every integration in the OpsATC.AI catalog so you know exactly what each adapter reads — the read-only doctrine means no adapter writes to a system of record.
  • Configuration backups on demand, or scheduled to a customer-controlled S3 bucket. The scheduled-S3 path lands with production hardening, post-pilot.
11 · Common Questions

Buyer questions, answered straight

Strategic-objection questions we hear from security teams, data leads, and operations buyers during evaluation. Pilot-scope and architectural-pattern markers are preserved — what ships today versus what lands during the pilot is called out in each answer.

By design, KPIs live in a per-tenant configuration registry — each metric has a definition (formula, source systems, refresh cadence, owner, threshold bands) you control. Hide KPIs you don't use, change a numerator, retune thresholds, or add a custom KPI sourced from your own data. The demo defaults are a starting template, not a prescription. The configuration surface (Admin Portal → API & Integrations and the Internal Ops / Service Portals → Master Data Domain Health views) is the architectural pattern; full self-service KPI editing UX lands during pilot.
Every KPI is traceable end-to-end by design. The KPI definition registry names the source system, query/field, transform, refresh cadence, and owner for each metric — so the math is auditable, not a black box. At ingest, schema validation + freshness checks + null/range rules run before a value reaches a KPI; failed checks surface as data-quality breakpoints rather than silently wrong numbers. See Internal Ops / Service Portals → Master Data Domain Health and Data Lineage & MDM Health for the lineage and quality surfaces, plus Admin Portal → Data Harmonization for the binding configuration. The visual lineage view in the demo is the architectural pattern; full per-cell drill-to-source UX lands during pilot scope.
Yes, by design. Each tenant has a private knowledge library (PDFs, .docx, .xlsx, .csv, slides, plain text, meeting/call transcripts) that The Captain retrieves from at query time — same architectural pattern as a Claude Project, but scoped to your tenant. Files are stored in your per-tenant encrypted bucket with keys held in your KMS, never train the underlying model (we are an Anthropic API customer, not a model trainer), and are never discoverable to other tenants. Limits: per-file size caps and per-tenant aggregate caps are configurable per tenant at MSA; file-type whitelist; cryptographic deletion on demand; versioning preserves audit history when a document is updated. At query time The Captain uses retrieval-augmented generation (RAG) to pull only the most relevant chunks into the model's context window — so the practical "absorb" limit is the size of your library, not the per-call context. Refresh cadence, access roles (e.g., this folder is Finance-only), and tagging are configurable per folder. The upload UX, chunk-tagging, and retrieval-debug surfaces are the architectural pattern; specific library shape and governance roles are configured during pilot scope.
Common case, and not a blocker. OpsATC.AI is designed to be source-of-record agnostic — a process backed by spreadsheets, a homegrown DB, an on-prem app, or email/PDF can still be orchestrated. The pattern: define the canonical entities and KPIs in the OpsATC schema, then bind whatever source you actually have (file drop, SFTP, scheduled CSV/Excel pull, DB view, API, EDI) to those entities. The Captain operates against the canonical model, so swapping in Kinaxis later doesn't break the workflow. See Admin Portal → API & Integrations and Data Harmonization for the binding surface. Generic ingestion adapters are part of the architecture; specific source-system bindings are scoped per pilot.
Yes — by design. Ingestion paths beyond SaaS connectors include: scheduled CSV/Excel pulls from SFTP/SharePoint/OneDrive/S3, drag-and-drop file upload (see Customer Portal → Forecast Upload for the pattern), email-attachment intake, and DB views over flat-file landings. Each source is registered in the connector registry with a schema contract, validation rules, and a freshness SLA so spreadsheet-fed KPIs carry the same lineage and quality signal as SaaS-fed ones. The architectural pattern is in place; specific spreadsheet bindings (which file, which sheet, which columns map to which canonical fields) are configured per workflow during pilot.
Three layers, in order — prevention, in-the-moment correction, learning across time.

1. Prevention via grounding. The Captain doesn't generate from training data; she's retrieval-grounded against your tenant's data — KPI definition registry, knowledge library, system-of-record reads. When she lacks the source to answer a question, she's instructed to say "I don't have that" rather than guess. Hallucination risk drops sharply when the model isn't filling in gaps.

2. In-the-moment course-correction. Every Captain output that touches a system of record is gated behind a human approval queue (per ADR-0020, our Trusted Advisor Doctrine). If she drafts the wrong allocation letter, proposes the wrong reroute, or surfaces a wrong number, the workflow owner edits or rejects in-line — nothing executes upstream until a human signs off. The cost of a mistake is small because she's read-only by default and write actions are gated. Each correction is captured to a per-tenant feedback ledger: what she said, what was wrong, what the correction was, who corrected it.

3. Learning across mistakes. Two mechanisms operate on the feedback ledger:

(a) Per-tenant prompt + retrieval tuning — your TAM reviews the ledger weekly; recurring corrections become updates to your prompt templates, KPI definitions, and retrieval filters. Same underlying model, sharper steering for your specific business.

(b) Eval-suite expansion — significant errors become regression tests in your tenant's eval suite. Before any prompt or retrieval change ships, the suite re-runs to confirm the prior failure mode is gone and nothing else has regressed.

The Captain does not fine-tune on your data (we are an Anthropic API customer, not a model trainer) — the "learning" happens at the prompting + retrieval + eval layer, which is the layer you control. The feedback ledger, prompt-version diff history, and eval pass/fail dashboard are exposed in Admin Portal → Governance & Audit. Architectural pattern is in place; the specific feedback UX and weekly TAM review cadence are scoped during pilot.
Yes — every Captain recommendation that touches a downstream operational commitment carries a computed "act-by" deadline, not just a priority flag.

The pattern (architectural):

1. Forward-chain math. When The Captain identifies an action (e.g., "issue PO to your supplier for capacitors"), she traces forward through the dependent commitments she can see: supplier lead time → inbound logistics → receiving dock slot → quality inspection → clear-to-build → production start. The earliest downstream commit becomes the latest-by date.

2. Buffer subtraction. From latest-by she subtracts known variability: supplier lead-time variance, customs-hold probability for that lane, your contract manufacturer's published build-prep window. The result is the recommended-by date — when the action should be taken to keep downstream commitments intact with reasonable confidence.

3. Two clocks on each action. Recommended-by (the comfortable date) and latest-by (the hard deadline). Each urgent-action card shows both, plus a visible countdown and the specific downstream commit that breaks if missed (e.g., "PO latest-by May 28, 14:00 PT — June 4 build start at risk if missed").

4. Re-computation on change. Deadlines recompute whenever upstream inputs shift — supplier ETA changes, dock slot moves, customs clears earlier than projected, etc. If a deadline crosses from comfortable → at-risk → missed, the urgent-action card escalates severity, pages the owner, and (if configured) escalates upward.

What you control:

— Which downstream commitments count as hard deadlines (build starts, customer SLAs, regulatory windows) vs. soft (preferred internal cadence)
— Buffer policy per workflow (conservative / balanced / aggressive)
— Notification cadence and escalation tiers (owner → manager → exec)

The Internal Ops Portal → Urgent Actions queue shows the foundational chain math; explicit act-by date/time countdown UI and per-workflow buffer policy are configured per workflow during pilot scope.
No. Every operation's data is dirty when we start — stale records, missing identifiers, duplicate keys, two source-of-truth systems disagreeing about the same SKU. The legacy answer is a six-month data-cleanup project before the tool produces its first useful output. The Captain's answer is different: the Data Quality Detection Layer (architected in ADR-0023, landed in migration 0015) runs continuously and surfaces what she finds alongside the answer it affects. The platform produces value on day one. The cleanup happens in parallel, prioritized by operational impact, owned by the operators who already know the records best. See the full Data Governance architecture on the Approach page.
Six issue classes, detected through four layered modes.

The six classes: (1) Staleness — records past the last-touch window your operators trust for that record type. (2) Missing identifiers — records lacking the linking key needed to join across systems. (3) Duplicate keys — a primary key that appears more than once where the schema declares it unique. (4) Source-of-truth contradiction — two systems that should agree about a record but do not. (5) Schema drift — source-system fields renaming, retyping, or repurposing without notice. (6) Reference-data gaps — lookups missing from the lookup tables.

The four modes: Baseline scan at MCP connect (establishes reference cardinality and value distributions); inline checks on every read The Captain performs (catches drift as it happens); scheduled background sweeps per record type (catches what inline missed); operator-triggered deep dives (answers specific reconciliation questions). The modes are layered, not alternative — no single mode is sufficient alone.

Severity-graded signal: informational findings stay in the background; threshold-crossing findings surface inline with the answer they affect; material findings escalate to a named owner. The Captain is not the girl who cried wolf. Thresholds are tunable per record type, per portal, per role. Specifications in ADR-0023 and migration 0015.
No. The four-tier data sensitivity model (per ADR-0031) puts Social Security numbers, passport numbers, bank account numbers, Protected Health Information, GDPR Article 9 special-category data, 42 CFR Part 2 substance-abuse records, and COPPA minors data in the Forbidden tier — structurally inaccessible, regardless of customer consent or administrative override. The control isn't a permission slider that can be flipped; it's enforced at the connector boundary so the data never reaches The Captain's context.

The Identifying tier (employee names, employee numbers, customer IDs, initials) is DEFAULT DENY and requires express written customer permission per tenant before it's accessible, plus a signed DPA, a per-tenant policy flag, two-person admin approval, and audit logging — all four gates required. Operational data (SKUs, POs, lead times, inventory levels) is default-allow and unrestricted. Public data is unrestricted. HR, EHR, payroll, and healthcare connector real-implementation elevation is blocked until the field-schema + tenant-policy framework lands. The model + enforcement code paths are available for review under NDA.
Security Contact

How to reach us

At the design-partner stage, every security-related inquiry routes to the founder directly. No ticket queue, no triage layer, no auto-responder. As we build out the team, dedicated security and privacy mailboxes will be added — and when they are, this page will be the place that announces them.

All security, privacy, vulnerability, and founder-direct correspondence
Security-team questions, DPA requests, vendor security questionnaires — acknowledged within one business day.
Vulnerability reports — PGP key available on request; acknowledged within one business day; credited in security acknowledgments unless you prefer otherwise.
GDPR / CCPA / CPRA subject-of-data requests — fulfilled within 30 days.
Design-partner conversations, board-level concerns, escalations — direct to the founder, always.

A versioned PDF of this Trust Center, plus the procurement-grade SECURITY_POSTURE one-pager, is available on email request. NDA available before any document leaves our environment.