Trust center Public posture Limits included

Trust is an interface requirement

Know what this site does, what it keeps, and where its authority stops.

This center documents the current public posture for privacy, security, accessibility, evidence, and engineering decision boundaries. It describes the implementation honestly; it is not a certification.

Current posture

Four trust commitments, with their limits

Each statement is scoped to what this public repository and its application code can support.

Privacy No first-party cookies or analytics The public site code sets no cookies and includes no analytics. Workbench inputs stay in browser memory unless you deliberately move them into another application.
Security Static, public-source surface There are no site accounts, application authentication service, application backend, or input database. This narrows the surface; it is not a security certification.
Evidence Claims carry context Public claims are governed through a source-aware ledger with status, limitations, allowed surfaces, and correction paths.
Accessibility Access is a design requirement Keyboard use, landmarks, labels, readable contrast, responsive reflow, and reduced motion are design intents. No formal conformance certification is claimed.

Privacy

Technical inputs remain browser-local

The workbench is built for public-safe, preliminary structuring without an application data pipeline.

Cookies
None in site code
The first-party application code does not set or read cookies.
Usage analytics
Not installed
The public application does not include an analytics or behavioral-tracking integration.
Technical inputs
Browser-local
Interactive tool values are processed in current-page browser memory. There is no application endpoint or database receiving those values.
Persistent input storage
Not used
The tools do not use localStorage, sessionStorage, IndexedDB, or a site-side input store.
Email drafts
Manual only
A user can intentionally open a prepared draft in their own email client. The site does not send it automatically.
External services
Separate policies
Hosting infrastructure and destinations reached through external links may process normal request metadata under their own policies.

Security

A narrow static surface, not a security guarantee

Static delivery removes application accounts and a site-side input database, but it does not remove infrastructure, browser, dependency, DNS, TLS, build-chain, or third-party risk.

Architecture

Static public files

The deployed application is a statically generated site. It does not provide accounts, login, application authentication, or a server-side input store.

Inspectability

Public source repository

Page code, browser tools, public data, and deployment configuration can be inspected in the public repository.

Honest limit

No audit claim

This page does not claim a penetration test, independent security audit, security certification, uninterrupted availability, or absence of vulnerabilities.

Responsible reporting

Share the minimum safe reproduction.

Start through the contact page. Use a public repository issue only for non-sensitive, reproducible problems. Do not publish credentials, personal data, confidential material, or live exploit details; request a private contact route first.

Accessibility

Designed for access; open to correction

The site aims to support keyboard, screen-reader, zoom, motion-sensitive, and small-screen use as part of normal product quality.

  • Skip-to-content navigation and semantic page landmarks
  • Keyboard-operable primary navigation, mobile navigation, and site search
  • Visible focus treatment for interactive controls
  • Labels and state cues that do not depend on color alone
  • Responsive layouts and reduced-motion behavior
  • Concise text alternatives or hidden treatment for decorative visuals

Claim and source governance

Evidence should travel with the claim

The public trust model separates sourced facts, interpretation, limitations, and material that is still held for review.

Source context

A new factual claim needs public source context. Analysis or interpretation should be identified as such.

Claim registry

Proof metrics and identity facts are routed through shared data, with source status, limitations, and review context.

Visible boundaries

Monitoring signals, model confidence, completeness labels, and evidence-burden labels are kept separate from approval.

Correction path

The public claim ledger exposes source context and a route for suggesting corrections.

Decision boundaries

Decision support is not decision authority

Structured context can improve review quality. It cannot substitute for material facts, inspection, acceptance criteria, or accountable expert judgment.

Site-wide disclaimer

Preliminary decision-support only. Final feasibility depends on base material, geometry, service conditions, inspection requirements, and expert review.

Not valid for engineering approvalNot valid for certificationNot valid for final releaseNot valid for safety-critical acceptanceNot valid for quality guarantee

Context quality

Completeness is not feasibility.

A more complete brief means the review context is better structured. It does not mean the proposed route is feasible.

Evidence planning

Evidence burden is not approval.

An evidence-burden label helps plan review and inspection. It is not acceptance, release, or a quality guarantee.

Commercial boundary

Exafuse owns commercial review.

Services, RFQs, production capability, delivery claims, company case studies, and quality pages belong to Exafuse.