Trust Center

The evidence, boundaries, and limits behind Costframe.

This Trust Center is deliberately conservative: no invented certifications, no fake screenshots, no autonomous remediation promises, and no hidden provider-write path.

Read-only trust boundary

Provider data enters Costframe. Provider writes do not.

01

Provider APIs

Read APIs, billing exports, inventory, metrics

02

Costframe normalizer

Org-scoped records, evidence freshness, detector inputs

03

Evidence Ledger

Checked signals, missing signals, confidence, price math

04

Review boundary

Tickets, reports, and guidance leave Costframe for human approval

Blocked boundary: Costframe does not import provider write clients for customer tenant operations and does not execute cloud changes.

Evidence Ledger

A finding shows the proof and the doubt.

The marketing pages now distinguish real product captures from conceptual diagrams. The Evidence Ledger story mirrors the app: what was checked, what was missing, and who must approve the action.

finding · vm_resizereviewable

Evidence checked

CPU history, cost line item, resource state, SKU catalog reference

Evidence unavailable

Missing metric windows, unsupported provider fields, stale billing exports

Decision state

Confidence, contradiction checks, owner, approval status, verification plan

  1. 01No product screenshot is treated as approved until it is captured from an approved environment.
  2. 02Conceptual diagrams are labeled as diagrams, not dashboards.
  3. 03Illustrative examples can explain math or workflow, but they cannot replace product proof.
  4. 04Pending screenshots keep their capture requirements visible until replaced.

Interactive architecture diagrams

Inspect the system boundary from provider API to verified report.

Hover, focus, or tap a diagram. Motion is restrained and respects reduced-motion settings.

Read APIs feed evidence. Write APIs stay outside Costframe.Billing, inventory, metrics, and recommendation APIs are used only where configured and permitted.Provider APIs01Read-only client02Org-scoped store03Evidence Ledger04Blocked: Provider write clients

Read APIs feed evidence. Write APIs stay outside Costframe.

Billing, inventory, metrics, and recommendation APIs are used only where configured and permitted.

  1. 01Provider APIs
  2. 02Read-only client
  3. 03Org-scoped store
  4. 04Evidence Ledger

Trust inventory

What is covered, what proves it, and what remains bounded.

01

Read-only architecture

Costframe requests provider read roles for customer cloud analysis. Public copy must not imply that Costframe can deploy, resize, delete, or mutate customer resources.

Proof: Provider data enters through read-only clients and becomes org-scoped evidence.

02

Credential handling

Cloud credentials are treated as sensitive connection material. Secrets are encrypted at rest and decrypted only where the worker needs them for provider reads.

Proof: Connection removal must remove stored credentials according to the product retention model.

03

Evidence Ledger

Findings expose checked evidence, unavailable evidence, freshness, confidence, contradiction state, owner, approval, and verification context.

Proof: A missing signal is a visible limitation, not hidden certainty.

04

Provider permissions

Azure is the most mature provider path. AWS and Google Cloud remain readiness-gated where billing exports, inventory, or metrics are not yet verified.

Proof: Provider pages and docs must carry readiness language and limitations.

05

Tenant isolation

Application data is scoped by verified organization context. Cross-tenant administrative visibility is reserved for explicitly allowed platform-admin read-only paths.

Proof: Every user-facing query should derive organization context from verified auth, not request body input.

06

Export model

Exports are evidence artifacts for customer review. CSV and PDF outputs must preserve estimation, verification, and limitation language.

Proof: Reports should not label estimated savings as verified realized savings.

07

Deletion and retention

Public trust copy must stay conservative unless backed by the current product retention policy and legal terms.

Proof: Retention and deletion behavior should be reviewed in docs and contracts before stronger claims are made.

08

Auditability

Audits, reports, findings, and delivery events should keep timestamps and state so teams can reconstruct what happened.

Proof: The audit outcome, report generation state, and export state are separate truths.

09

Known limitations

Unsupported providers, stale evidence, missing metrics, incomplete billing exports, and readiness-gated features must remain visible.

Proof: The limitations page is part of the trust story, not a footnote.

10

Roadmap boundaries

Future remediation and workflow features stay customer-approved and evidence-backed. Public pages must not promise autonomous cloud changes.

Proof: No provider-write guarantee remains the boundary for public trust copy.