CoverProof

Trust Centre

Everything a procurement or compliance team needs to evaluate CoverProof in one place — who we rely on, the terms we process your data under, and a candid view of our certification status.

Last updated: 11 June 2026

At a glance

Methodology, verifier, and evidence links

Methodology and verification

  • MethodologyVersioned Section 250 classification pipeline, review gates, and evidence-pack methodology appendix.
  • Methodology changelogCurrent methodology versions, fingerprints, promotion status, evidence references, and caveats.
  • Methodology FAQPlain-English methodology, benchmark, verifier, solicitor-review, and claim-gate answers.
  • Benchmark suiteRegression-suite scope, metrics, limitations, sample-size caveats, and no-certainty caveats.
  • Coverage data methodologySources, provenance, freshness, derivation limits, and claim boundaries for coverage data.

Evidence packs and verifier

  • Evidence-pack helpWhat a board evidence pack contains, when it is generated, and what it is not for.
  • Sample evidence packSynthetic PDF/A-3B sample showing the pack format, methodology fingerprints, and no real PII.
  • Evidence admissibility guideBusiness-record framing, court caveats, and solicitor-review boundaries for evidence use.
  • Model quality and driftMeasured snapshot, drift monitoring, and reviewer escalation context that evidence packs reference.

Sub-processors

These are the third parties that process data to deliver CoverProof. We will update this list before adding a new sub-processor.

Sub-processorPurposeLocation
RailwayApplication hosting and managed PostgreSQL databaseUnited States
Cloudflare R2Encrypted storage of generated board evidence-pack PDFsConfigurable region
AnthropicAI classification of SM&CR gap analysis (Claude API)United States
ResendTransactional email (magic-links, declaration invites, reminders)United States
StripeSubscription billing and payment processingUnited States / UK
PostHogConsent-gated, IP-anonymised product analyticsEuropean Union

Data Processing Agreement

For firms (our controllers), our Data Processing Agreement sets out how we process personal data on your behalf, including security measures, sub-processor terms, and international-transfer safeguards. To request a countersigned copy for your records, email privacy@coverproof.co.uk.

Certifications roadmap — current status, not a claim

We will not display a badge we have not earned. CoverProof holds no third-party security certification today. The following is a forward-looking roadmap, not a statement of current compliance:

ProgrammeStatus
Independent penetration testPlanned — not yet commissioned
SOC 2 Type IIRoadmap — not started
ISO/IEC 27001Roadmap — not started