Trust Center

Trust comes from reviewable boundaries.

This page separates product state, technical test evidence, synthetic showcases and open release gates. It is not a certificate or a list of reassuring slogans.

CLAIMS

A green test is not a customer outcome

An installer test proves installation. HTTP 200 proves availability. externalWrites 0 proves that a test run changed no external system. None of these findings proves rankings, citations, leads, time saved or revenue.

STATUS

Four terms keep claims apart

Built means code exists. Verified means a named test produced a reproducible result. Observed means a measurement exists for a suitable period. Open means the claim is not yet supported. The Proof Ledger follows this distinction.

SHOWCASE

Every business scenario is explicitly fictional

Velunor Bikes at velunor-bikes.example, Qevora Systems at qevora-systems.example and Studio Talvori at studio-talvori.example are invented companies. Names, domains, goals, KPIs, approvals and outcome values exist only to demonstrate the product. They are not customer references.

EVIDENCE

Technical evidence stays separate

Version numbers, check counts, manifests, file hashes, runtime receipts and SiteOne detection can be real test evidence. They are described as technical artifacts and are not assigned to a fictional company as business impact.

DATA

Current product state stays local

Workspace, goals, evidence, actions, approvals, receipts and audit live in the local product database. The public website loads analytics only after consent. Form data is not sent to analytics. Production secrets belong only in the separated Secure Profile.

SUPPLY CHAIN

Hashes help, but do not make a signed supply chain

Installers maintain ownership markers, manifests and file hashes. A release still needs fully signed artifacts, an SBOM, provenance, reproducible packages and documented verification on every target platform. MarketingOS claims no higher maturity until these gates pass.

REPORT

Security findings have a direct contact

Responsible disclosure matters more than an invented seal. Reports go to support@scilipoti.de. There is currently no formal bug bounty program, guaranteed response time or external certification.

OPEN

The main release gates remain visible

They include separated operating system identities, enforced capability grants, a secret broker, egress rules, host key verification, signed receipts, signed releases, recovery tests and cross-platform security checks. Release status changes only after supporting evidence passes.

Continue

Read the security model in detail

The security page explains the Direct Profile, Secure Profile and host runtime boundaries without shortcuts.

Read the security model