Trust Center

Privacy, security, compliance — in one page

Every legal, security, and operational disclosure is published on this site as both a human page and a machine-readable mirror at a stable /.well-known/ path. Procurement teams, AI agents, and security researchers can all start here.

Start with the most-requested trust routes

Most buyers do not need the full trust stack first. They usually want to verify security posture, current service reliability, and who processes the data.

Read security overview →Check live uptime →Review subprocessors →How the signal works →See the receipts →

Legal

What we collect, how long we keep it, who processes it on our behalf.

Use rules for the website, dashboard, MCP server, and Agent Credits.

Data Processing Agreement/dpa/.well-known/dpa.json

GDPR Art. 28 DPA template; counter-signed copy on request.

Security

Security Overview/security

How we protect subscriber email, Stripe customer IDs, and share-token endpoints.

Coordinated Vulnerability Disclosure/disclosure/.well-known/disclosure.json

How to report, what's in scope, response SLA, safe harbor.

security.txt (RFC 9116)/.well-known/security.txt/.well-known/security-policy.json

Canonical disclosure contact + JSON mirror.

Compliance

Subprocessors/subprocessors/.well-known/subprocessors.json

Stripe, Vercel, Resend, PocketBase/Hetzner, PostHog (EU), GitHub, Cloudflare, Anthropic, Coinbase. Roles + DPAs + regions.

Compliance Posture/.well-known/compliance.json

GDPR, CCPA, HIPAA, PCI, SOC2 status; data-residency; retention.

AI / Data-Use Policy/ai.txt/.well-known/ai-policy.json

Per-bot rules; training-data posture; CC BY 4.0 license terms.

Transparency

Annual Transparency Report/transparency/.well-known/transparency.json

Government data requests, takedown demands, breaches — published yearly with explicit zeros.

Service Status/uptime

Live uptime + freshness signals + last-modified watermarks.

Corrections Log/corrections

Public log of every signal correction we've issued and the rationale.

Email & Tracking

MTA-STS Policy/.well-known/mta-sts.txt

RFC 8461. Mail to @gitdealflow.com must be delivered over TLS or rejected.

Do-Not-Track Compliance/.well-known/dnt-policy.txt

We honor the EFF DNT Policy v1.0 for any browser/agent that sends DNT: 1.

Cleared the trust review? Here's the next step.

You don’t read the code — we do

See the signal on your own sector before you commit a euro

You never open a repo. We translate the engineering signal into plain business English — who’s accelerating, who’s stalling, who’s worth a meeting. No GitHub account, no terminal, nothing to install.

Get the free Sunday issue Or test one sector for €7

€7 once · 30-day Signal-or-It’s-Free — reply REFUND, keep everything · no auto-renew · compare all tiers

Signed The Data Nerd · pseudonymous narrator · methodology over personality

Security