{
  "schema": "https://hivesilo.com/.well-known/signed_facts.json",
  "version": "1.0",
  "organization": {
    "name": "HiveSilo",
    "url": "https://hivesilo.com/"
  },
  "note": "These are published, public facts about HiveSilo. This file is not itself a signed artifact; cryptographic signing applies to HiveSilo's container images and to its daily status, which are signed and independently verifiable. The facts below can be confirmed through the HiveSilo Trust Center, where hardware attestation, reproducible builds, and append-only runtime receipts can be checked by your own security team, and where the public keys used for signing are published.",
  "signing": {
    "thisFile": "unsigned",
    "verifyVia": "https://trust.hivesilo.com",
    "publicKeys": "https://trust.hivesilo.com/api/trust/public-keys.json"
  },
  "facts": [
    {
      "id": "zero-pii-architecture",
      "statement": "HiveSilo produces buyer intelligence without taking custody of customer personal data (zero-PII architecture).",
      "category": "data-boundary"
    },
    {
      "id": "per-tenant-confidential-vm",
      "statement": "Each customer runs in an isolated, per-tenant confidential VM built on Intel TDX.",
      "category": "confidential-compute"
    },
    {
      "id": "attested-gpu-tee",
      "statement": "AI computation runs on attested NVIDIA GPU TEE (Trusted Execution Environment).",
      "category": "confidential-compute"
    },
    {
      "id": "hardware-attested-enclaves",
      "statement": "Workloads run inside reproducibly-built, hardware-attested enclaves whose identity and build can be independently verified.",
      "category": "attestation"
    },
    {
      "id": "append-only-runtime-receipts",
      "statement": "The system produces append-only runtime receipts so behavior over time can be checked, not just the system state at a single moment.",
      "category": "attestation"
    },
    {
      "id": "continuous-security-checks",
      "statement": "HiveSilo runs continuous automated security checks against its production environment.",
      "category": "operations"
    },
    {
      "id": "public-verification-path",
      "statement": "A public verification path is available, including a public verify API and a downloadable security package, so reviewers can automate confirmation on their own schedule.",
      "category": "verification"
    }
  ],
  "notDisclosed": "Signal definitions, weights, scoring models, methodology, and attestation verification internals are proprietary and are not published.",
  "verification": {
    "description": "Independently verifiable via the HiveSilo Trust Center.",
    "trustCenter": "https://trust.hivesilo.com",
    "publicKeys": "https://trust.hivesilo.com/api/trust/public-keys.json"
  }
}
