Trust Center
How GauntletScore handles your data, protects your privacy, and earns your trust.
Data Lifecycle
Documents
Processed in memory, never written to disk
Transcripts
Retained for 24 hours for retrieval, then permanently deleted
Scores and certificates
Retained indefinitely (contain no document content)
API keys
Stored as SHA-256 hashes
Four Providers. Zero Training.
GauntletScore sends documents and queries to Anthropic, OpenAI, Google, and xAI. None of these providers use your data to train their models.
For Sovereign Edition deployments, you bring your own models (e.g., Meta Llama 3.1). We do not involve any external providers.
Cryptographic Proof
Every GauntletScore certificate is signed with Ed25519 private keys. You can verify the signature and prove:
- That GauntletScore generated this specific certificate
- That the certificate has not been modified since signing
- The exact timestamp and job ID
- That you authorized this analysis
Public key: Available at https://api.gauntletscore.com/.well-known/gauntlet-public-key.pem — Private key: Known only to GauntletScore infrastructure.
Compliance Status
Security & Responsible Disclosure
If you discover a security vulnerability in GauntletScore, please report it responsibly to our security team.
Do not: publicly disclose the vulnerability, share details in GitHub issues, or post on social media.
Do: Email security@genstrata.com with detailed reproduction steps. We will acknowledge receipt within 24 hours and provide regular updates on our remediation progress.
Contact
security@genstrata.comGauntletScore provides assistive verification and is not a substitute for professional judgment.