Security
Trust and handling discipline for proposal and contract workflows.
This page explains the handling model, the human checkpoints, and the claim boundaries around TraceOps AI without overstating certification or government approval.
TraceOps Commercial data boundary
TraceOps Commercial is designed for public solicitations, non-controlled proposal workflows, and commercial small-contractor operations. It is not authorized to process, store, or transmit restricted government or defense information.
- Not authorized for Controlled Unclassified Information (CUI)
- Not authorized for classified information
- Not authorized for ITAR-controlled technical data or export-controlled data
- Not authorized for source-selection sensitive or procurement-sensitive information
- Not authorized for restricted government or defense information requiring special handling
- Customers are responsible for confirming that uploaded materials are public or otherwise non-controlled before submission. If prohibited content is submitted, TraceOps may suspend processing, restrict access, delete the content, or disable the affected workspace.
AI processing notice
When you run an analysis in TraceOps Commercial, your uploaded content and related workspace instructions may be processed by third-party AI model providers to generate document responses, summaries, matrices, drafts, and workflow outputs. See the subprocessors page for the current list of providers.
- TraceOps Commercial is not authorized for CUI, classified, ITAR, export-controlled, or restricted government information
- Do not submit such data for AI analysis
- Generated outputs are intended to support human review, not replace it
Security posture
TraceOps AI is positioned as a controlled workflow layer for document handling, review coordination, and auditability across commercial unclassified environments. It is not represented as a certified compliance endpoint unless those controls are formally validated.
- Supports CMMC and NIST SP 800-171 readiness workflows for commercial, non-CUI contractor operations
- Does not claim certified, assessed, or fully compliant status without formal validation
- Security claims are paired with human review, access control, and auditability language
Trust signals teams expect
Government contractors need to see visible handling discipline before they trust a platform with proposal, award, and evidence packages.
- Clear access boundaries between public marketing pages and the product application
- Evidence-oriented workflow design with human checkpoints
- Documented privacy, terms, subprocessor, and contact handling language
Operational handling model
The platform is designed to make review history, decisions, and controlled handoffs easier to inspect so teams can defend how outputs were produced and approved.
- Structured review instead of opaque chat interactions
- Explicit handoffs between proposal, award, development, audit, release, and maintenance work
- Safer claim boundaries that avoid overstating certification status
Considering classified or CUI-authorized work?
TraceOps Commercial is not authorized for CUI, classified, ITAR, or restricted government information. Programs that need to process controlled data require a separate engagement with a re-architected backend and program-specific authorization posture. See the Government engagements page for the engagement model and how to start a conversation with the product team.
- Start with TraceOps Commercial on a non-controlled workflow to evaluate fit
- Submit a classified-engagement inquiry through the Contact form
- Scoping conversation with the product team before any controlled-side build
- Custom platform engagement is a separate agreement, instance, and pricing model
