HEADSDOWN TRUST
Security
HeadsDown treats routing metadata as sensitive. HeadsDown learns from outcomes, not your code. The privacy boundary narrows what enters the system, and the security posture protects the account state, rules, events, and operational metadata that remain.
Draft trust page
This trust page is counsel-ready draft content, not a final published policy. It must stay draft-labeled until legal, security, product, subprocessor, and cookie/analytics reviews are complete.
The privacy boundary described here applies to implemented metadata-only agent-run event and outcome-reporting surfaces, and to the routing-decision API boundary when it ships. Older or user-entered product surfaces may store text deliberately submitted through those surfaces.
Prior versions are archived manually in source control before publication changes, following `docs/legal/archive/README.md`.
- Draft version
- 0.1
- Effective date
- Pending counsel review
- Last updated
- May 2, 2026
Implemented controls we can state today
Authenticated GraphQL
GraphQL HTTP requests require a bearer token resolved to a session token or API key. Missing or invalid authorization returns 401 before the request reaches resolvers.
API keys are hashed
API keys are generated from high-entropy random bytes. HeadsDown stores a SHA-256 hash for verification and a short prefix for display; the raw key is shown only when it is created.
Metadata-only event validation
Agent-run events use typed event names, `metadata_only` privacy mode, payload allowlists, enum/bucket checks, numeric bounds, safe-token checks, and privacy-safe rejection metadata.
Error reporting is scrubbed
Operational error reporting runs through a scrubber for credentials, token-bearing URLs, sensitive headers, cookies, and known magic-link or confirmation path segments.
Privacy boundary is a security control
HeadsDown does not need work content to make agent-run calls. Integrations keep prompts, code, diffs, logs, file paths, repository names, messages, and conversation content locally, then send only privacy-safe derived facts such as counts, buckets, booleans, call/action keys, and outcome categories.
No SOC 2 claim
HeadsDown is not claiming SOC 2 certification on this page.
No residency claim
Data residency and customer-managed hosting options are not claimed as live controls here.
No incident SLA claim
Formal incident response SLAs are not published until the enterprise package is finalized.