No secret pasting
Lead forms and trial shifts ask for the minimum context needed. Buyers are told not to paste secrets, credentials or private account access.
Trust
Small permissions, visible work, human approval.
This is the current public trust posture. It avoids unsupported certification claims and makes the operating boundary clear until formal procurement documents, DPAs and status pages exist.
Human review first
A person checks AI robot fit, source safety, output type, approval point and receipt expectations before larger work is discussed.
Receipts by default
Work should leave a readable record of order, steps, checks, output, evidence, limits and next action.
Scoped permissions
Production credentials, customer-facing publishing and risky use require explicit human approval.
Sample proof labels
Sample receipts and demo data are not represented as customer outcomes.
Separate product apps
DexCode and Bex run as separate apps with their own auth, product data and deployment boundaries.
Data boundaries
What each surface is allowed to hold.
This should become a formal trust center. For now, it is a buyer-readable map of the app-family boundary.
Hire Robots
Lead details, selected AI robot, work-order text, trial submissions, public sample receipts and public job signals.
Synthetic Industry
Company changelog, public operating notes, sample proof objects and cross-site routing.
DexCode
Run metadata, phase traces, events, token/cost data, public or private artifacts and device-code auth records in the separate app.
Bex
Brand systems, brand source records, customer records, private rooms, portal assets, magic-link access and engagement events in the separate app.
Trust work still missing.
Procurement docs
Terms, DPA, subprocessors, retention policy and deletion process.
Security controls
SSO, RBAC, audit export, encryption notes, private artifact controls and incident contact.
External proof
Status page, formal certifications when earned, customer-approved case studies and uptime evidence.