CoverProof data moat and source posture
A procurement-ready explanation of why the coverage asset is defensible: official source channels, provenance requirements, output hashes, and clear claim boundaries.
This page is written for procurement, legal, compliance, and sales-review conversations. It is not legal advice. Its job is to show what CoverProof can evidence about its data sources, methodology controls, and public claim limits.
Lawful source posture
CoverProof uses official FCA source channels and customer-provided firm records. The coverage asset is built from FCA register source data, including Register Extract Service-shaped data where available and targeted live-register lookups where configured. The product does not rely on hidden third-party lead lists or unsupported scraped datasets for public coverage claims.
Why the data is defensible
Each renderable coverage-context claim must carry a source date, retrieval context, methodology version, output hash, and legal-safety caveat. If those fields are missing, public pages hide the asset-derived context instead of filling the gap with marketing copy.
What procurement can inspect
Buyers can review the public coverage data methodology, the FCA-data help page, the procurement bundle, and the data-processing agreement. Together those pages show source inputs, sub-processors, AI boundaries (human review required; audit trail logged), retention posture, and the limits of the coverage asset.
What the data does not claim
The coverage asset is not FCA endorsement, not complete market coverage, not a market benchmark, and not a legal conclusion about any firm, role, or individual. It gives source context for a firm-specific Section 250 review.
Buyer inspection links
Coverage data methodology
Source inputs, provenance, freshness, hashes, and public claim boundaries.
FCA data and asset context
How check-result source context is generated, gated, and hidden when provenance is incomplete.
Procurement bundle
DDQ-style answers covering hosting, sub-processors, AI boundaries (human review required; audit trail logged), retention, and access control.
Data Processing Agreement
Processor terms, sub-processor commitments, retention, and transfer safeguards.