Controlled Launch
Maximum security discipline. Single accredited investor. Full operational verification before scale.
Pilot Parameters
| Parameter | Value |
|---|---|
| Investor Count | 1 |
| Investor Type | Accredited HNW — Trusted Allocator |
| Access Method | Cloudflare Zero Trust tunnel (private link) |
| Authentication | OTP per signing session |
| Governance Mode | Tier 2 default (manual approval) |
| Backup Schedule | Daily encrypted rotation |
| Monitoring | Continuous on port 3005 |
| Exposed Ports | 0 (all tunneled) |
| Document Formats | PDF, DOCX (pilot scope) |
Investor Experience Flow
Operator creates session
│
▼
Secure link generated
(Cloudflare tunnel URL)
│
▼
Investor receives link
(encrypted channel)
│
▼
Zero Trust verification
at Cloudflare edge
│
▼
OTP challenge issued
(6-digit, 5-min window)
│
▼
Document presented
in SDC viewer
(no copy/print/download)
│
▼
Signing ceremony
(OTP-verified, multi-sig)
│
▼
Certificate generated
(ESIGN/UETA compliant)
│
▼
Funding intent captured
(ledger-anchored)
Security Posture
Network Isolation
Zero exposed ports. All traffic routes through Cloudflare Zero Trust. No direct IP access to any service.
Document Control
SDC viewer prevents copy, print, download, and screenshot. Forensic watermarking enables leak traceability. Time-limited access tokens.
Cryptographic Integrity
Every document is fingerprinted (SHA-256), signed, encrypted (AES-256-GCM), and anchored to a hash-chain ledger. Deterministic processing ensures reproducibility.
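The fingerprint-and-anchor step described above, as an added example that is not the system's own code: a SHA-256 document fingerprint appended to a hash-chain ledger, with a verifier that locates tampering. The entry field names, the all-zero genesis link and the canonical-JSON serialization are assumptions made for illustration; signing and AES-256-GCM encryption are left out.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # assumed convention: the genesis entry links to an all-zero hash

def fingerprint(document: bytes) -> str:
    """SHA-256 fingerprint of the raw document bytes."""
    return hashlib.sha256(document).hexdigest()

def compute_entry_hash(index, prev_hash, event, doc_sha256):
    # Canonical JSON (sorted keys, fixed separators) keeps the hash deterministic.
    fields = {"index": index, "prev_hash": prev_hash, "event": event, "doc_sha256": doc_sha256}
    body = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def append_entry(ledger, event, document=b""):
    """Append an entry that commits to the document and to the previous entry."""
    prev_hash = ledger[-1]["entry_hash"] if ledger else GENESIS_PREV
    doc_sha = fingerprint(document)
    entry = {"index": len(ledger), "prev_hash": prev_hash, "event": event, "doc_sha256": doc_sha}
    entry["entry_hash"] = compute_entry_hash(entry["index"], prev_hash, event, doc_sha)
    ledger.append(entry)
    return entry

def verify_ledger(ledger, documents=None):
    """Return (ok, reason); documents maps entry index -> bytes to re-fingerprint."""
    if not ledger:
        return False, "genesis entry missing"
    prev = GENESIS_PREV
    for i, e in enumerate(ledger):
        if e["index"] != i or e["prev_hash"] != prev:
            return False, f"broken link at entry {i}"
        if compute_entry_hash(i, e["prev_hash"], e["event"], e["doc_sha256"]) != e["entry_hash"]:
            return False, f"entry {i} was modified"
        if documents and i in documents and fingerprint(documents[i]) != e["doc_sha256"]:
            return False, f"document for entry {i} does not match fingerprint"
        prev = e["entry_hash"]
    return True, "ok"

def demo():
    """Build a three-entry ledger over a constructed sample document."""
    doc = b"%PDF-1.7 constructed sample subscription agreement"
    ledger = []
    append_entry(ledger, "genesis")
    append_entry(ledger, "document_ingested", doc)
    append_entry(ledger, "document_signed", doc)
    return ledger, doc
```

Rewriting an entry and recomputing its own hash still fails verification, because the following entry's `prev_hash` no longer matches.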
Operational Discipline
Daily encrypted backups. Continuous health monitoring. All events logged to immutable ledgers. Manual approval required for all investor-facing operations.
Pre-Invite Checklist
| # | Item | Verification |
|---|---|---|
| 1 | Docker Compose stack running | All 4 services healthy |
| 2 | IPFS/Kubo node connected | Peer count > 0 |
| 3 | Cloudflare tunnel active | Tunnel status: healthy |
| 4 | Zero Trust policy configured | Access restricted to invited identity |
| 5 | Test document processed | Full pipeline: ingest → sign → IPFS |
| 6 | Backup chain verified | Restore test passed |
| 7 | Monitoring dashboard live | Port 3005 responding |
| 8 | Governance ledger initialized | Genesis entry present |
| 9 | OTP delivery tested | Code received within 30 seconds |
| 10 | SDC viewer tested | Copy/print/download blocked |
Scaling Plan
The system is designed for controlled expansion once the pilot has been validated with the initial investor:
| Phase | Scope | Requirements |
|---|---|---|
| Pilot | 1 accredited investor | Full manual approval, maximum security |
| Limited | 3–5 investors | Per-investor session isolation, concurrent signing |
| Growth | 10–25 investors | Queue management, automated Tier 1 operations |
| Scale | 25+ investors | Multi-node IPFS, load balancing, dedicated backup infrastructure |
Investor Posture
The pilot is configured for a Trusted Allocator — a relationship-stage investor where operational friction is acceptable and expected. The system presents as infrastructure, not a sales deck. Every security measure is visible and intentional.
The system itself is the product demonstration. The investor sees sovereign infrastructure, not marketing.