Trust & Security
Built to be reviewed, not just trusted
CodexDominion is sold into regulated environments, so this page describes — plainly — how the platform handles evidence, logs, audit trails, controls, and data. It avoids marketing language on purpose.
Evidence packets
Governed decisions produce structured evidence packets that record the inputs, the controls applied, the outcome, and the reviewer. Packets are hash-chained so that tampering with an earlier record is detectable.
Governance logs
Governance actions are written to an append-only log. The intent is a faithful record of what happened and in what order — suitable for internal review and examination.
Audit trails
Decisions, control checks, and evidence are linked so a reviewer can trace any outcome back through the steps that produced it, without reconstructing it from memory.
Controls & framework mapping
Controls are mapped to recognized frameworks at the workflow level. Mapping supports review and surfaces gaps; it does not by itself certify compliance.
Data handling
The platform is designed to integrate with existing systems rather than replace them, and to keep customer data within boundaries agreed during the pilot. Specific data-flow, retention, and hosting details are documented per engagement.
Access & roles
Access is role-based, and governed actions are attributable to an actor and a tenant. Authentication and authorization specifics are confirmed during deployment.
On certifications and claims
We do not claim certifications or attestations we have not completed. Where a control, audit, or certification is in progress or planned, we will say so explicitly. Detailed security documentation and current status are shared under NDA as part of an enterprise pilot or procurement review — reach us at JermaineMerritt@CodexDominion.app.