Privacy and Security FAQ

Pilot workflows may store uploaded evidence metadata and, where configured, uploaded evidence files or references. Evidence remains tenant-scoped and should not be placed in public pages.

Uploaded evidence is not automatically treated as verified. It remains pending, vendor-published, observed, inferred, or otherwise classified until review and validation gates apply.

Smart Validation and public trust access routes use opaque secure tokens, expiry or revocation controls where implemented, abuse controls, and safe audit logging.

Raw tokens and full secure URLs must not be logged, emailed to support, or exposed in analytics payloads.

NetRisk does not currently claim a completed SOC 2, ISO 27001, or equivalent third-party certification for the product.

Pilot customers can request current security architecture, route-hardening, data-retention, and AI-governance notes for review.