Security & Trust

Trust should be inspectable before it becomes contractual.

A quiet breach doesn’t just cost data — it costs the trust you spent years earning. So we don’t ask you to take our security on faith. Inspect request validation, guarded demo relays, safe status outputs, and clear AI boundaries in this public build right now — then production access, encryption, logging, backup, recovery, retention, and compliance controls are scoped to the architecture you actually choose.

SEC-07 / Inspectable trust center

See what is proven, scoped, and deliberately not claimed.

Select a control boundary to inspect the current evidence, implementation behavior, and the exact point where a production engagement requires additional scope.

Current assurance map
Evidence before assertion

REQ-01 / Active boundary: Verified in the public build

Request boundary

Server routes reject incomplete, invalid, and oversized payloads before they can enter a downstream workflow.

What it protects
Malformed intake, invalid planning inputs, and oversized speech-demo uploads.
Current implementation
Required fields, email and phone formats, numeric ranges, text lengths, and an 8 MB audio ceiling are enforced server-side.
Evidence and assurance boundary
  • Missing lead fields return a deterministic 400 response.
  • Negative lead-volume inputs return a deterministic 400 response.
  • Speech-demo audio above the published limit returns a 413 response.

This proves validation on the current public routes. Client-specific schemas, retention, and downstream permissions are defined in the signed scope.
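
The checks described above, sketched as an added example (not Perspicacity's code). The field names, regular expressions, and every limit other than the 8 MB audio ceiling are assumptions made for illustration.

```javascript
// Added illustration. Field names and every limit except the 8 MB audio
// ceiling are assumptions, not values taken from the page.
const MAX_AUDIO_BYTES = 8 * 1024 * 1024;
const MAX_LEAD_VOLUME = 1000000;               // assumed upper bound
const MAX_LEN = { name: 100, message: 2000 };  // assumed text lengths
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
const PHONE_RE = /^\+?[0-9][0-9 ().-]{5,18}[0-9]$/;

// Lead intake: every failure maps to 400 with errors in a fixed order.
function validateLead(body) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { status: 400, errors: ["body must be a JSON object"] };
  }
  const errors = [];
  for (const field of ["name", "email", "phone"]) {
    const value = body[field];
    if (typeof value !== "string" || value.trim() === "") {
      errors.push(`${field}: required`);
    } else if (field === "email" && !EMAIL_RE.test(value.trim())) {
      errors.push("email: invalid format");
    } else if (field === "phone" && !PHONE_RE.test(value.trim())) {
      errors.push("phone: invalid format");
    }
  }
  for (const [field, max] of Object.entries(MAX_LEN)) {
    if (typeof body[field] === "string" && body[field].length > max) {
      errors.push(`${field}: longer than ${max} characters`);
    }
  }
  return { status: errors.length ? 400 : 200, errors };
}

// Planning input: only a finite integer in range passes, so negatives,
// NaN, Infinity, and numeric strings such as "50" are all rejected.
function validateLeadVolume(value) {
  const ok = Number.isInteger(value) && value >= 0 && value <= MAX_LEAD_VOLUME;
  return { status: ok ? 200 : 400, errors: ok ? [] : ["leadVolume: out of range"] };
}

// Audio upload: check the declared Content-Length and the bytes actually
// counted, because the header can be missing or understate the body.
function checkAudioSize(contentLength, bytesReceived) {
  if (contentLength !== undefined && !/^\d+$/.test(String(contentLength))) return 400;
  const declared = contentLength === undefined ? 0 : Number(contentLength);
  return declared > MAX_AUDIO_BYTES || bytesReceived > MAX_AUDIO_BYTES ? 413 : 200;
}
```

Counting received bytes while streaming lets a route stop reading at the ceiling instead of buffering an oversized body first.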

01 / Public-site proof: Inspectable now

Validation, relay boundaries, safe status output, disclosure, and audit contracts can be inspected on this build.

02 / Production controls: Specified in scope

Access, encryption, logging, backup, recovery, retention, and incident controls follow the selected architecture.

03 / Formal certification: Not claimed

Perspicacity does not present SOC 2 or ISO 27001 certification as completed public proof.

Production control plan

The security scope follows the real architecture and risk.

A website, voice worker, CRM integration, and custom portal do not share the same risk surface. Each production engagement turns the relevant controls into named outputs, owners, and launch gates.

01

Identity and access

Credential ownership, roles, approval paths, least-privilege access, and offboarding expectations are documented against the systems in scope.

Access and secrets plan

02

Data and event trail

Data classes, processors, retention, deletion, sensitive actions, and the events operators need to investigate are defined before production reliance.

Data map and logging scope

03

Continuity and recovery

Backup coverage, restore behavior, monitoring, alerting, recovery ownership, and acceptable recovery objectives follow the selected architecture.

Recovery and incident runbook

04

Compliance and launch gates

Consent, disclosure, regulated-data limits, counsel review, selected vendor controls, and evidence required for launch are made explicit.

Control register and launch decision

Claim boundary

Compliance posture, stated without security theater.

Perspicacity does not claim SOC 2 or ISO 27001 certification. We identify the controls an engagement needs, distinguish what the public build proves from what a client deployment requires, and document third-party, legal, and client-owner responsibilities before launch.
