Trust narrative

The persistent, auditable war-room for founders who've stopped trusting the magic

Built for founders who've been burned by AI tools that lose code, leak credentials, and forget last week's decision. Sources, not vibes. Approval gates, not autopilot. Wrong with receipts beats right with no audit trail.

What we never do

The shortest list on this page. Every line is a guarantee, not a roadmap item.

We never ask for credentials in chat

No API keys. No database passwords. No secrets in the conversation. Paste them into your env file, not your AI.

We never make your project public by default

Every project is private from message one. There's no public toggle, no shareable preview link, no surprise indexing.

We never train on your data

We use AWS Bedrock with Anthropic's zero-data-retention guarantee. Your conversations don't become anyone's training set.

We never lose your work

Persistent project memory, decisions log, and weekly briefing runs keep state across sessions. Close the tab — come back next month — your project is still there.

Support access is yours to control

Paid plans turn on read-only support access automatically so we can help when something breaks. Free plans require explicit opt-in. You can toggle it off in Settings → Privacy anytime. Every operator session is logged with timestamps; you'll see a banner whenever support is viewing as you, and every page they visit is recorded for 90 days.

The audit trail

What we do

An auditable history of every business decision you make. The opposite of a chatbot that forgets the conversation when you close the tab.

Every AI message has a Why? chip

Tap to see the model, the sources read, the files referenced, the reasoning chain, and the confidence level. If we don't know, we say so.

Every decision is logged

State transitions are captured first-class. Reverse anything — the reason for the reversal gets logged too. No silent rewrites of what we agreed last week.

Every weekly brief is persisted

You can scroll back to exactly what your specialists thought in week 3, when you were still arguing with yourself about pricing.

You own everything

Markdown export of every channel, every decision log, every brief. Your data, exportable in formats you can open without us.

Defense-in-depth

The boring infrastructure that holds the trust narrative up. Every line names a real vendor or a real practice.

Auth

Clerk-managed sessions. We never see or store your password.

Database

Postgres on Neon. Encryption at rest. Row-level isolation per organization.

Secrets

AWS Secrets Manager. Nothing sensitive lives in env files committed to git.

AI

AWS Bedrock running Claude Haiku 4.5. Zero data retention. SOC 2 Type II provider.

Code review

Every change is reviewed by Claude Code and a human. CI runs Biome and tests on every PR.

Vulnerability disclosure

security@origin8.app. We respond within 48 hours. No legal threats for good-faith research.

Found something we missed? Email security@origin8.app. We respond within 48 hours.

By design

What we don't generate

Origin8 is nota code generator. We don't ship to production for you. We don't auto-deploy. We don't run your app. We don't hold your AWS keys.

You ship. We advise.

This is by design. The failure modes of full-autopilot agents — forgotten context, hallucinated APIs, exposed secrets, deleted production databases — become your problem the moment we take the wheel. So we don't take it.

If you want a tool that types code and pushes it live, you have great options. We are a different kind of tool. We help you decide what to build, capture the reasoning, and remember it next week.

When something goes wrong

Things will go wrong eventually. Every honest software company says this. Here's the playbook before it happens, not after.

  1. 1

    We notify affected users within 24 hours of confirmed impact

    In plain language, naming what happened and what data was touched.

  2. 2

    We post-mortem publicly within 7 days

    Root cause, timeline, what we changed, what we're still learning. Published at /trust/incidents when there is anything to publish.

  3. 3

    We never blame our customers, our docs, or the bug reporter

    If a user could trigger it, that's on the design. If a doc was unclear, that's on us. We owe the report a thank-you, not a legal threat.

Try Origin8

Validate one idea with Maya. No credit card. No public project. Your data, your control.

Get your first briefing