Trust Center
Trust is proof, deployment boundary, and operational discipline.
HolonomiX is built for private technical diligence and deployment. This center summarizes what is public, what is customer-controlled, what is available under diligence, and what remains on the roadmap.
Trust summary
Four pillars: private deployment, tenant boundary, receipts, and auditability.
Trust claims are scoped to concrete controls and buyer-owned decisions. The default posture is private deployment first; managed or support access is explicitly contracted.
auth, ACL, quota, billing, audit
file or volume policy; key custody scoped
FIPS 204 Category 3 signing
customer cloud, VM image, or bounded evaluation
Signature parameter policy
ML-DSA-65 is FIPS 204 Category 3 across public receipts.
All public receipt pages use a single policy: SHA-256 artifact manifests, IEEE 754 arithmetic commitments where applicable, and ML-DSA-65 signatures represented as FIPS 204 Category 3.
artifact set and corpus commitment
FIPS 204 Category 3
floating-point commitment where in scope
Shared responsibility
Private deployment means shared controls.
This model shows what HolonomiX provides and what the deployment owner must configure before production use.
| Area | HolonomiX provides | Customer owns |
|---|---|---|
| Tenant auth | hx-gate API keys, SHA-256 key hashes, namespace ACL | Customer controls API-key custody, tenant users, network access, and rotation schedule |
| Deployment | Private VM image / self-hosted GPU node / bounded evaluation topology | Customer controls cloud account, VPC, IAM, firewall, backups, and physical region |
| Evidence | HX-Provenance receipts, ML-DSA-65 signatures, SHA-256 manifests | Customer preserves receipt chain and verifies proof packs before relying on claims |
| Logs | JSONL audit surface, request IDs, Prometheus metrics | Customer configures retention, SIEM export, privacy review, and redaction policy |
| Encryption | AES-256-GCM file-level option and support for encrypted volumes | Customer owns KMS/HSM, volume policy, key rotation, and recovery procedures unless contracted otherwise |
Data handling
What HolonomiX sees depends on the evaluation or deployment model.
Public website intake, proof-pack diligence, and private deployment are separate data-handling contexts.
| Context | Data involved | Handling |
|---|---|---|
| Public website | Contact details and form context | Used to route and respond. No advertising trackers are intentionally deployed. |
| Proof-pack diligence | Benchmark/evaluation context supplied by the requester | Handled as confidential evaluation material. Full handling terms are set in the diligence agreement or NDA. |
| Private deployment | Customer data remains in customer-controlled infrastructure by default | HolonomiX access, if any, is explicitly scoped in writing. |
| Logs | Operational metadata, request IDs, tenant/namespace identifiers | Retention and SIEM export are customer-controlled in private deployments. |
Subprocessors and retention
Current public subprocessor posture is narrow by design.
Self-hosted deployments keep runtime customer data in the customer's environment by default. External processors are limited to configured business operations unless a separate agreement expands the scope.
| Processor / context | Purpose | Data category |
|---|---|---|
| Resend or configured mail provider | Contact form delivery when enabled | Email contents for access requests |
| Customer cloud provider | Private VM / GPU deployment | Customer-selected region and account |
| Payment provider | Optional billing / marketplace flows | Commercial account metadata only when enabled |
| None for self-hosted runtime by default | HX-SDP serving data | Customer data stays inside the customer deployment unless contracted support access is granted |
Website form
Retained only as needed for routing, response, and business records unless deletion is requested or a separate agreement applies.
Evaluation material
Retention is set by diligence scope, NDA, or pilot agreement. Sensitive artifacts can be exchanged outside the web form.
Runtime data
Private deployment data remains in the customer-controlled environment unless explicit support access is authorized.
Security packet
What security reviewers should request.
The public site gives the summary. The security packet is the diligence path for complete operational review.
A hostile-review remediation summary is available under diligence with scope, date, finding classes, remediation status, and residual-risk notes where shareable.
Compliance roadmap
Procurement artifacts are staged by evaluation depth.
The public website does not imply SOC 2, ISO 27001, HIPAA, or BAA coverage unless those terms are agreed in writing. The current posture is private deployment, explicit data boundary, and signed proof artifacts first.
| Artifact | Public status | Diligence status |
|---|---|---|
| Privacy notice | public | expanded public page |
| Website terms | public | evaluation terms available separately |
| Responsible disclosure | public | security contact + scope |
| DPA / BAA posture | not public self-serve | reviewed when the workload requires it |
| SOC / ISO roadmap | not claimed | shared during enterprise diligence |
Diligence