Trust posture for a fake-data demo.
AnchorGrey does not claim legal approval or production readiness for real student records. The current deployment is a public product and fake-data demo while vendor, legal, security, and deployment decisions remain open.
AnchorGrey records institution-defined requirement decisions; it does not order, score, interpret, or adjudicate background checks, drug screens, lab results, fingerprinting results, consumer reports, clinical results, or student eligibility.
Data minimization
The public site collects no student records and the demo uses synthetic cohort data. Real-record pilots require a separate approved deployment posture.
Demo safety
The demo is public, noindexed, fake-data only, and visibly warns users not to upload real student records.
Access-control posture
Sensitive helpers are designed around AuthContext, RBAC checks, organization scope, and explicit support access.
Audit trail posture
State changes, exports, support access, and document-access assumptions are represented as safe audit events.
Email safety
Notification templates are status-only and avoid health detail, document names, attachments, rejection details, and signed links.
Vendor gate posture
Production mode refuses unsafe demo adapters, unapproved vendors, and real-record mode until required gates are set.
Before any real-record pilot
AnchorGrey needs institutional agreement/DPA, vendor approvals and BAAs where applicable, production auth, private production storage, scanner strategy, RLS validation, backup/restore validation, incident response readiness, accessibility review, and security review.