Security
Every TVCRpro security claim is enforced by infrastructure, not by policy. If a claim is not on this page, it is not made anywhere.
Security Brief
Two PDF briefs are available for download. Both are version-stamped, source the same evidence, and use the same sub-processor table reproduced below. Author and contact details are on the cover page of each PDF.
- TVCR-SEC-001-A — Internal Security Reviewer Brief (PDF) · technical, terse. For security, infrastructure, and compliance reviewers.
- TVCR-SEC-001-B — Licensee Decision-Maker Brief (PDF) · executive-readable. For licensing, procurement, and decision-maker review.
Sub-processors and infrastructure
Operator-pasted text submitted to the analyzer at /analyzer leaves the TVCRpro environment only to reach Anthropic for the rubric pass. The composite weighting that produces the Token Value Conversion Ratio is applied on a TVCRpro-controlled server after the rubric agent returns; those weights are never transmitted to the inference vendor and never shipped to the operator's browser. See /methodology for the full architectural split.
| Function | Provider | Jurisdiction | Verification |
|---|---|---|---|
| Email, calendar, contacts, encrypted mail | Proton AG | Switzerland | Proton Trust Center |
| Domain DNS, edge / proxy | Cloudflare | U.S. (multi-region) | Cloudflare Trust Hub |
| Document workflow / e-signature | Adobe Inc. (Acrobat Sign) | U.S. | Adobe Trust Center |
| Productivity suite, workflow automation, BI | Microsoft 365 (Canada tenant) | Canada | Microsoft Trust Center |
| Inference for the eleven-dimension rubric agent at /analyzer | Anthropic, PBC | U.S. | Anthropic Trust Center |
| Custom domain | tvcrpro.com on Proton Unlimited | — | MX, SPF, DKIM, DMARC, catch-all all green (April 24, 2026). |
Encryption
- In transit: TLS 1.3, enforced by Cloudflare and Proton.
- At rest: AES-256, enforced by Proton (mailbox), Microsoft 365 (workspace), and Adobe (Sign documents).
- Email: end-to-end where both parties use Proton; TLS-secured otherwise.
Data retention
Tier 1 — anonymous Light Analyzer
Tier 1 inputs are not retained. The claim is enforced by the absence of a database in the Light Analyzer architecture — there is no datastore that could retain Tier 1 inputs. The architectural absence is the enforcement, not a written policy.
Tier 2 and Tier 3 — NDA-gated reports and pilots
Retention is governed by the executed NDA and pilot agreement on a per-engagement basis. The default posture is minimum-necessary retention with documented deletion-on-withdrawal via a Power Automate workflow.
Deletion-on-withdrawal
A withdrawal request triggers a documented Power Automate workflow; a logged deletion confirmation is the verification artifact. Workflow documentation is internal; verification of execution is provided to any party that requests it under NDA.
Data residency
| Data type | Resident in | Provider |
|---|---|---|
| Switzerland | Proton AG | |
| Workspace documents | Canada | Microsoft 365 (Canada tenant) |
| E-signature documents | U.S. | Adobe Inc. |
| DNS / edge | Multi-region | Cloudflare |
Access control
- Proton MFA on all five
tvcrpro.commailboxes. - Adobe Sign role separation with audit log enabled.
- Microsoft 365 tenant access control (founder-only as of April 26, 2026).
- No claim depends on the inventor’s behavior. The architecture works even if the inventor is incapacitated, hostile, or replaced.
“No AI training” claim
TVCRpro’s scoring engine does not train any model on user data. The claim is enforced by the engine’s deterministic algorithmic design — there is nothing in the codebase that could train, even if the inventor wanted to. No training pipeline exists.
What TVCRpro does not collect
The website itself runs on first-party server logs only. No third-party analytics SDK is loaded. No client-side error tracking SDK. No A/B testing framework. No heatmap or session replay. No cookies except an optional theme-preference cookie (deferred post-v31).
The Do-Not-Track header is honored at the server log level (logs strip user agent if DNT is present),
and by the Light Analyzer API per its locked specification.
What is not yet in place
SOC 2, ISO 27001, and a third-party security audit are not pursued at v31 launch. Pilot data does not yet exist. The full Limitations page enumerates this in detail. Pre-pilot, design-intent.