Trust at Rosie

Published: 2026-06-27 03:55

We hold ourselves to the standard we offer our partners.

Rosie is governance infrastructure for professional networks: a way to make verified knowledge defensible, attributable, and auditable. This page summarizes how Rosie governs its own software, data, and operations. Detailed documentation is available to partners and their advisors on request.

How your data is handled

Rosie is built so that access, data classification, and disclosure are structural, not afterthoughts. Verified records are self-contained and carry no external lookups, and Rosie does not retain customer content as a platform store. Where customers bring their own model credentials, the model provider's data protections apply directly; where Rosie manages them, equivalent protections are carried through by agreement. Rosie's posture aligns with UK GDPR and Canadian PIPEDA.

Integrity of verified records

Every verification record Rosie produces is tamper-evident: it is built from a hash-chained ledger and sealed with a composite hash over its canonical inputs, and it surfaces its own integrity claims for inspection. Records are self-contained: they resolve their own references and do not drift as the underlying system changes. The procedures that govern a verification are authored, inspectable documents, so how something was verified is always legible.

Software supply chain

Software bill of materials

Rosie maintains a CycloneDX SBOM for the components it ships, generated in its build pipeline and available for review under diligence.

Dependency-license policy enforced

The build fails on disallowed or unknown dependency licenses, so what ships stays within a permissive, auditable policy.

Code reviewed before it ships

Code is reviewed before it enters the product, regardless of how it was authored.

IP approach documented

Our approach to third-party intellectual property (including how we use AI-assisted development tooling) is documented and available for review under diligence.

Standards and credentials

Rosie participates in open identity and verification standards as a relying party: it verifies and references external credentials, and does not issue them. Where Rosie refers to third-party standards or ecosystems, it does so by plain reference, without implying endorsement.

Fair and transparent commercials

Rosie's commercial model is designed to avoid conflicts of interest: pricing follows a uniform formula rather than discretionary selection, terms are disclosed to the people they affect, and partners retain the ability to take their data with them.

Working with us on a pilot or procurement?

Detailed governance documentation (including our software bill of materials, third-party-IP and code-provenance policy, and data-protection terms) is available to partners and their legal or security advisors on request.
