STATION −0.0500 · SECURITY & TRUST

Every artifact, signed by a human and traced to its source.

A filed Form 1120 carries the licensed CPA who signed it. A signed MSA carries the attorney who attested to it. A payroll run carries your approval, and a GDPR Article 28 DPA carries the playbook version it was checked against. Each one also carries its record: the source document, the rule it was measured against, every change with the reason for it, who or what approved it, and the timestamp. The draft can be a model's; the signature never is.

07 LAYERS · 1 HUMAN PER SIGNED ARTIFACT · 0 SILENT WRITES

[Figure: seven strata (01 Customer Service, 02 Legal, 03 HR, 04 Marketing, 05 Analytics, 06 Company Brain, 07 Tax) with a sign-off provenance record: SOURCE, PLAYBOOK v3.2 §7.2, APPR DJ, 14:02:07Z]

STATION −0.0500 · THE GUARANTEES, IN SECTION

Engineers trust Stripe with the money and Clerk with the keys. The question one level up is the same one, and it has the same answer: a named human on the line, and a record behind them.

01

Nothing gets signed, filed, or paid without a named, accountable human.

The model drafts; a person attests. For your own paper, that person is you. For the regulated layers it is a licensed party: a licensed attorney signs what gets signed on Legal (02), a licensed CPA or EA signs what gets filed on Tax (07), and you authorize the e-file as the officer on Form 8879-CORP. A payroll run waits on your approval before it moves money. No artifact leaves on a model's word; the signature, not the software, is what a regulator or counterparty holds.

02

Every artifact carries the record of how it was made.

The source document. The playbook and the version it was checked against. Every change, with the reason attached. Who or what approved it, and the timestamp. One thread, bound to the artifact, not a separate log you reconcile after the fact. You can answer “why did we do that” for anything the layers shipped — months later, without asking the person who did it, because the reason traveled with the work.

03

Your Company Brain (06) is yours. It is never pooled into a shared training set.

The six functions read and write to one graph that belongs to you. Connectors to your source systems are read-only, so Stripe, Drive, Gmail, and your helpdesk stay authoritative and nothing is moved out of the systems you already control. Every access is logged against a name. Your corpus trains no shared model, and permissions resolve at query time against the source, so the Brain never widens who can open the cap table or a comp doc. These are commitments we hold ourselves to before launch, not yet audited controls; [verify before launch].

04

The controls have names, reports, and dates.

We name what we hold and mark what we are still building, so nothing on this page claims a control we cannot show you the report for.

  • SOC 2 Type II report: [PLACEHOLDER — target: report available, then renewed annually]
  • GDPR Article 28 DPA, available to sign: [verify before launch]
  • EU Standard Contractual Clauses for transfers out of the EEA: stated per regulation [verify]
  • Data residency options: [verify]
  • Encryption in transit and at rest: [verify]
  • Data retention and deletion on exit, including erasure on request: [verify]
  • Breach notification to you within [PLACEHOLDER — target]: [verify]
  • Per-layer availability target: [PLACEHOLDER — target]
  • Published sub-processor list, with notice before it changes: [verify before launch]
  • Independent penetration test, report available under NDA: [PLACEHOLDER — target / cadence]
  • SSO/SAML, role-based access control, least-privilege defaults: [verify]

05

You can walk away with everything, and one layer down is not seven down.

Export your entire company graph and every artifact at any time: the filed returns and workpapers, the signed contracts, the resolved threads, the approved metric definitions. The layers degrade independently behind a public status page, so a Marketing outage never holds up a Delaware franchise filing. The accountable humans are real parties of record, not a model that disappears with the vendor. The concentration a founder fears here is the safeguard, not the risk: more is recoverable, not less. The standing export and the public per-layer status page are commitments we hold ourselves to; [verify before launch].

A backend you can't walk away from isn't one we'd want to sell.

06

Three lines we hold, stated plainly.

  • Never train a shared model on your data.
  • Never sign or file without a named human on the line.
  • Never dead-end your data on the way out.

Objections

  • The whole back office on one young vendor is the right thing to worry about, so the exit is built before you need it. The standing export is a running copy, not a support ticket: it refreshes on every signed or filed artifact and lands in open formats — PDFs for the executed paper, a structured dump (JSON plus CSV) for the graph and the metric definitions, so it imports without us. The regulated work hands off to a named successor: a filed return and its workpapers move to the CPA or firm you choose, a contract and its playbook to your next attorney, because the licensed signer is already on the record. The vendor going away is not your data going away.

  • You aren't. Drafting is the only thing the model does on its own; a named human attests to anything signed or filed. You see every change and the playbook rule it traces to, with the source document behind it, so review reads as an audit rather than a leap of faith. The signer owns accuracy regardless of the tool, which is why review is wired into the pipeline instead of bolted on after. Routine paper clears fast; a genuinely novel term escalates to the licensed reviewer with the issue already isolated.

  • They stay scoped to your Company Brain (06), never pooled into a shared training set, with every access logged against a name. Connectors are read-only, so the data stays in the systems you already run and the Brain holds an index, not a second copy that drifts. Permissions mirror the source at query time: if you can't open the comp doc today, the Brain won't quote it back to you.

Where this resolves

This page closes the trust objection the other surfaces point to. Each link lands on the human and the record behind that layer.

  • Pricing FAQ: “Can I trust AI to file my taxes or sign my contracts?” and “What if horz goes down, or goes away?” resolve here in full.

    See pricing →
  • 02 Legal: the licensed attorney on every signature line, with the redline traced to your playbook.

    02 Legal →
  • 07 Tax: the licensed CPA or EA who signs as preparer, and Form 8879-CORP you sign as officer.

    07 Tax →
  • 06 Company Brain: read-only connectors, per-access logging, and a corpus that trains no shared model.

    06 Company Brain →
  • Contact: open a formal vendor-security review or send a questionnaire to the desk.

    Contact →

The Floor

Talk to us.

Security contact.

Request the SOC 2 Type II report, the GDPR Article 28 DPA, or the current sub-processor list at security@horz.dev. Report a vulnerability to the same address; we acknowledge within [PLACEHOLDER — target] and keep you on the thread to resolution.
