Trust & security

Models explain.
Evidence proves.

Hassle does not treat model output as proof. Verified claims come from deterministic scans, connected systems, signed webhooks, operational telemetry and approved evidence. Models help summarise, explain and draft answers — but every answer is checked against scope, redaction and audit rules before it leaves Hassle.

Hassle is currently in private beta; production security materials are available under NDA for fund and enterprise diligence.

The principle

Model choice does not change the trust boundary.

Whether a summary is generated by Hassle, your approved provider, or a local model, the same rules apply: raw code is private by default, customer data is private by default, access is scoped, outputs are checked and every disclosure is logged.

  • Policy & redaction before every model call
  • Output checks after every model call
  • Scope limits enforced per request
  • Every disclosure logged & revocable
hassle scan --preview-model-context
The model will receive:
structured architecture findings
dependency summary · test maturity
security finding categories

The model will not receive:
raw source files
.env files · secrets
customer data · raw logs

Every claim is labelled

You always know what kind of claim you're reading.

Founders and investors see exactly what is proven, what is interpreted, what is model-generated, and what still needs review. Labels travel with every claim, answer and board figure.

Verified

Source-backed through a connector or local scan.

Self-reported

Provided by the founder — not yet independently confirmed.

Inferred

Interpreted from approved evidence.

Model-generated

A summary or explanation — not proof.

Stale

Needs a refresh before anyone relies on it.

Private by default

What never leaves your machine.

Hassle stores derived, signed claims, not your source. Everything listed under "Never by default" stays in your environment and only ever leaves with an explicit, scoped, logged founder approval; the derived claims are what gets shared, and only within the granted scope.

Derived & shareable

  • Architecture summary
  • Test & CI maturity
  • Security posture
  • Verified revenue & usage
  • Readiness score

Never by default

  • Raw source code
  • Secrets & .env files
  • Customer data
  • Model prompts
  • Database dumps & raw logs

How we enforce it

Controls, not promises.

Local-first scans

The scanner runs in your environment. Raw code does not leave by default — only structured findings.

Redaction before every call

Secrets and customer data are stripped before any model — managed, BYOK or local — ever sees a payload.

Output firewall

Every answer is checked against the granted scope and redaction rules before it leaves Hassle.

Scoped, time-boxed access

Grants are levelled (L1–L5), expire on a clock and can be revoked instantly, by you in the dashboard or from your CLI.

Full audit trail

Every access request, question, grant, publish and export is logged and exportable for both sides.

Provider isolation (enterprise)

Fund and firm BYOK credentials are isolated per organisation. BYOK changes the billing path, not the boundary.

Models can be wrong. That's why Hassle does not treat model output as proof — scans, connectors, signed webhooks and the claim ledger provide the proof. Detailed architecture, prompt schemas and pipeline internals are shared under NDA in enterprise diligence material, not published here.
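The controls listed above (redaction before every call, the output firewall, scoped and time-boxed grants, the audit trail) and the claim labels can be sketched as a single pipeline. The following is an added example written for this page, not Hassle's code: the level-to-field mapping, field names, redaction patterns, clock value and sample findings are all assumptions constructed for the illustration.

```python
"""Added illustration of the controls this page describes: redaction before a model call, an
output check against a scoped, time-boxed grant, and an audit entry for every decision."""
import re
from dataclasses import dataclass, field

# Assumed mapping of the page's L1-L5 grant levels to the derived fields each may see.
LEVEL_FIELDS = {
    1: {"readiness_score"},
    2: {"readiness_score", "architecture_summary"},
    3: {"readiness_score", "architecture_summary", "test_maturity"},
    4: {"readiness_score", "architecture_summary", "test_maturity", "security_posture"},
    5: {"readiness_score", "architecture_summary", "test_maturity", "security_posture",
        "verified_revenue"},
}
# Structured fields that may enter a model context at all; anything else is dropped.
MODEL_CONTEXT_FIELDS = {"architecture_summary", "dependency_summary", "test_maturity",
                        "security_finding_categories"}
# Illustrative redaction patterns: credential shapes, KEY=value assignments, e-mail addresses.
SECRET_PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),                                  # AWS access key id shape
    re.compile(r"sk_(?:live|test)_[0-9A-Za-z]{8,}"),                   # Stripe-style secret key
    re.compile(r"(?i)(?:password|api[_-]?key|secret)\s*[=:]\s*\S+"),   # secret assignments
    re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),                           # e-mail (customer data)
]

def redact(text):
    """Replace every match with a marker; return the scrubbed text and the hit count."""
    hits = 0
    for pat in SECRET_PATTERNS:
        text, n = pat.subn("[REDACTED]", text)
        hits += n
    return text, hits

@dataclass
class Grant:
    grantee: str
    level: int
    expires_at: float        # unix time: the grant expires on a clock
    revoked: bool = False    # instant revocation by the founder or the CLI
    def active(self, now):
        return not self.revoked and now < self.expires_at

@dataclass
class AuditLog:
    entries: list = field(default_factory=list)
    def record(self, event, **details):
        self.entries.append({"event": event, **details})

def build_model_context(findings, log):
    """Policy and redaction before the call: only allowed structured fields reach the model,
    and those are scrubbed. Raw source, .env contents and customer data are dropped and logged."""
    ctx = {}
    for name, value in findings.items():
        if name not in MODEL_CONTEXT_FIELDS:
            log.record("context_dropped", field=name)
            continue
        clean, hits = redact(str(value))
        if hits:
            log.record("redacted", field=name, hits=hits)
        ctx[name] = clean
    return ctx

def output_firewall(answer, fields_used, grant, log, now):
    """Check after the call: deny if the grant is expired or revoked, or if the answer draws
    on fields above the grant level; otherwise redact again, label and log the disclosure."""
    if not grant.active(now):
        log.record("denied", grantee=grant.grantee, reason="grant expired or revoked")
        return None
    out_of_scope = set(fields_used) - LEVEL_FIELDS.get(grant.level, set())
    if out_of_scope:
        log.record("denied", grantee=grant.grantee, reason="out of scope",
                   fields=sorted(out_of_scope))
        return None
    clean, hits = redact(answer)
    log.record("disclosed", grantee=grant.grantee, level=grant.level,
               fields=sorted(fields_used), redactions=hits)
    return {"label": "Model-generated", "text": clean}   # a summary, never proof

# Constructed sample findings; the secret-looking values are fake and exist only for the demo.
SAMPLE_FINDINGS = {
    "architecture_summary": "Monolith API + worker; Postgres; owner contact ops@example.com",
    "dependency_summary": "142 direct dependencies, 3 with known advisories",
    "test_maturity": "71% unit coverage, CI on every pull request",
    "security_finding_categories": ["hardcoded-secret", "outdated-dependency"],
    "raw_source": "DB_PASSWORD=hunter2",              # must never reach a model
    ".env": "STRIPE_KEY=sk_live_4eC39HqLyjWDarjtT1zdp7dc",
    "customer_data": ["alice@example.com"],
}
NOW = 1_700_000_000.0                                  # fixed clock for a reproducible demo

if __name__ == "__main__":
    log = AuditLog()
    print(build_model_context(SAMPLE_FINDINGS, log))
    grant = Grant(grantee="fund-a", level=2, expires_at=NOW + 3600)
    print(output_firewall("Readiness 72/100; ask alice@example.com", {"readiness_score"}, grant, log, NOW))
    print(output_firewall("Posture: 2 criticals open", {"security_posture"}, grant, log, NOW))
    print(*log.entries, sep="\n")
```

The two checks are deliberately separate: the pre-call step decides what a model may ever see, the post-call step decides what a grantee may ever receive, and both write to the same log so a founder and a fund can reconstruct every drop, redaction, denial and disclosure after the fact. Swapping the model (managed, BYOK or local) touches neither function, which is the point made under "The principle".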

Specialist scope

Specialist access is role-scoped and deal-scoped.

Legal and fund-ops reviewers are invited into specific matters or investments. They do not receive access to the wider investor dashboard, founder rooms, raw code, private notes or unapproved evidence.

  • Invite-only, single-use, expiring
  • Matter- or investment-scoped only
  • No wider dashboard access
  • Every request and export audited

Trust you can verify.

Prove what's real without giving up your code, your customers or your control.