Trust & Transparency
EU-only hosting, zero-PII telemetry, supply-chain security, and known limits. Transparency is a feature.
Continuity by design: 24h+ local buffer per site and lossless backfill on reconnect. See Known Limits.
Infrastructure & sovereignty — precise breakdown
Our telemetry pipeline contains zero PII by design — meaning there is no personal data for any jurisdiction to compel, regardless of where infrastructure is owned. For customers requiring fully EU-owned infrastructure end-to-end, contact us.
Unplug demo: evidence that survives outages
Recorded live. We unplug the WAN, show the continuity log during the outage, reconnect, and demonstrate lossless backfill and an export with a reproducible hash.
Why this builds trust
- Rapport — one human, one take, no stock footage
- Clarity — scope & preconditions stated upfront (same as our published limits)
- Proof — unplug at 30/60/120 min, continuity log, export + SHA-256
- Next steps — take action immediately below
What we support (and what we don't)
Transparent boundaries for the 7-day evidence export promise. Capacity limits, protocol support, and roadmap items (optional NIS2 mapping).
Read known limits →Data sovereignty & flow
Hetzner (agent layer) is EU-sovereign. GCP europe-west1 and Supabase eu-west are EU-region hosted, US-owned — zero-PII telemetry by design means no personal data exists for any jurisdiction to compel.
View data flow →SBOM & attestation
Signed builds, CycloneDX SBOM, and provenance attestation. Supply-chain security for compliance teams.
Verify supply chain →Two Proofs
Sample Evidence Pack
A redacted, regulator-friendly sample of the continuity log, control mapping, and lineage export generated by Verity Edge.
Status: available
Hash (sha256): 75ee8f93402b7049da66331a48b76f4d32a15de827292e37bb5642009b71edaa
Published at: 2026-02-27T10:30:00Z
Verify with: sha256sum <file>
Unplug demo: evidence that survives outages
Recorded live. We unplug the WAN, show the continuity log during the outage, reconnect, and demonstrate lossless backfill and an export with a reproducible hash.
Status: available
Published at: 2026-02-27T10:30:00Z
Verification Receipts
Every site deploy is tagged with verification artifacts for audit trails.
- Release site-5167e32 — Live site verification and manifest headers (2025-11-11)
Regulatory Source Documents
We've done the reading so you don't have to. Here are the official EU and BSI documents we've mapped our evidence exports to — all free, directly from the issuing authorities.
170 pages · ENISA · June 2025. The most important practical document — evidence examples, control mappings, and implementation advice for NIS2 Articles 21 & 23.
The authoritative legal text. Always freely available from EUR-Lex.
All ENISA guidance in one place — sector-specific guidelines, threat reports, and implementation support.
Current enforceable version. Free PDF direct from BSI. The baseline we map evidence exports against.
Upcoming revision — XLSX + PDF, English, free from BSI. We track the draft so you don't need to.
Why publish limits?
Transparency reduces evaluation time and false fits. We publish what we support, what we don't, and our roadmap — so you can make informed decisions without sales calls.
7-Day Export Preconditions
Strict preconditions apply to the 7-day export promise.
- ≤ 100 sites in scope
- Standard SNMP v2c/v3 and Redfish collectors (read-only)
- Outbound egress permitted to EU endpoints (TLS 443)
- Baseline configuration delivered on Day 0
Optional mappings (including NIS2) do not change the underlying evidence. See Known Limits and the acceptance checklist.