Evidence program

Repository of proof

• Policies published under /compliance.html and linked pages.
• CI artifacts (SBOM workflows).
• Change history (Git), Wrangler deploy logs, migration history.
• Pentest letters and tabletop notes (internal retention).

Operator guide: docs/compliance/EVIDENCE-VAULT.md

Exports

Customer-specific exports depend on product surfaces implemented (e.g., audit CSV). Availability improves over roadmap milestones.