Sign in

security & compliance

Built for the reviewer who reads the report.

VeriCite handles institutional source material through access boundaries, source ownership, safe fallbacks, and reviewable answer events.

read privacy policy

security packet

Documented, not asserted.

Account isolation

Source indexes, metadata, and answer events are scoped to the account boundary.

Source ownership

Institutions decide which content is approved, ingested, retrieved, and cited.

Role scope

Answers use configured account, role, and connector boundaries.

Review events

Answers, citations, fallback reasons, and handoffs are structured for review.

Legal packet

Privacy, terms, DPA, cookies, and subprocessor pages remain available for procurement.

Security review

Architecture and deployment controls can be reviewed before rollout.

Human escalation

Unsupported or sensitive questions can route to staff with context attached.

Retention discussion

Retention, export, and review expectations are handled as deployment decisions.

Reduced claims

The public site avoids certifications or customer metrics that are not verified here.

security model

Controls that shape the answer path.

The highest-risk failure is an answer that cannot be traced. VeriCite’s security model is designed to make source boundaries visible.

access

Account and role boundaries

VeriCite checks account, role, and source constraints before an answer is produced.

source

Citation-first answers

The product keeps source material attached to the answer path so teams can inspect support and gaps.

fallback

Unsupported prompts decline

When approved material cannot support an answer, VeriCite can route to a person instead of improvising.

review

Audit events for operators

Answer events, cited sources, and handoff data are structured for institutional review workflows.

four pillars

What is actually in the trust model.

data

Data handling

  • Account-isolated source indexes and metadata
  • Connector boundaries reviewed before ingestion
  • Deployment-specific retention and export expectations
  • No unsupported public compliance claims on the marketing site
identity

Identity & access

  • Role-scoped source access before an answer is produced
  • Console sign-in remains separated from the public marketing surface
  • Source-owner permissions mapped during deployment
  • Escalation paths keep humans in control for sensitive questions
audit

Audit & observability

  • Answer event, cited source, confidence signal, and fallback reason travel together
  • Review queues can replay the source trail
  • Escalations preserve evidence rather than dropping context
  • Procurement can inspect the operating model before rollout
model

Model behavior

  • Answers grounded in approved sources by default
  • Missing-source and low-confidence prompts can decline
  • Prompt-injection and source-conflict cases are named for review
  • Evaluation checks source accuracy and fallback behavior together

the fallback taxonomy

A model that declines is a feature.

VeriCite declines questions outside the approved source set. The fallback is named, logged, and reviewable so the source owner can decide whether the source set or the escalation path needs to change.

read the research
fallback.taxonomy.json
"missing_source": // not in approved sources
"out_of_scope": // role-scoped away
"restricted_record": // sensitive source boundary
"low_confidence": // below confidence floor
"source_conflict": // sources disagree

a 30-minute walkthrough

Review the trust model with your team.

Bring security, IT, and the source owner. We will walk through access scope, citations, fallback behavior, and operational review.

email hello@vericite.site