# DefenceFile Procurement Packet

Generated baseline: 2026-07-05

This packet assembles the current public buyer-review references for a DefenceFile ECCTA defence-file pilot. It is a procurement aid, not signed terms, legal advice, security certification, or customer-specific deployment evidence.

## Current references

- Pricing and pilot package: /pricing
  - Pilot economics, included outputs, objection handling, alternatives, and exit-right framing.
- Trust Center: /trust
  - Claim-to-evidence map, pending proof slots, subprocessor categories, retention defaults, and source baseline.
- Security posture: /security
  - Tenant boundaries, token handling, headers, readiness checks, and audit-export controls.
- Security questionnaire: /security-questionnaire
  - Standard answers for auth, data protection, AI boundaries, RLS, tokens, exports, backup, retention, and incidents.
- DPA summary: /dpa
  - Processor/controller roles, subprocessors, retention, deletion, transfer, support, and signed-document boundaries.
- Privacy summary: /privacy
  - Controller responsibilities, data categories, lawful-basis notes, retention, and rights handling.
- Service terms summary: /terms
  - Public terms summary; signed customer terms control live pilot commitments.
- Pilot walkthrough: /pilot-walkthrough
  - First-session agenda, demo-labelled screenshots, buyer inputs, and 90-day outputs.
- Sample board pack: /sample-board-pack
  - Sample board-pack structure before requesting a pilot workspace or adviser-share export.
- Request pilot review: /request-pilot
  - Qualification route for procurement, security, legal, finance, and pilot-fit questions.

## Export boundary

- The packet includes public trust, security, pricing, privacy, DPA, terms, walkthrough, sample-export, and pilot-request references.
- The packet does not include customer source evidence, private workspace data, API keys, connection strings, raw bearer values, or environment configuration.
- Signed customer documents control final subprocessors, regions, retention, support, legal hold, deletion, and transfer commitments.
- DefenceFile organises evidence for legal and compliance review; it does not decide scope, decide whether procedures are reasonable, provide legal advice, or guarantee a statutory defence.

## Pending buyer evidence

- Signed order form with customer-specific commercial terms, support route, retention overrides, and pilot scope.
- Signed DPA and subprocessor schedule naming providers, regions, transfer posture, deletion/return terms, legal hold, and support contacts.
- Production health and field metrics from the deployed pilot environment.
- Customer UAT or approved reference evidence before any public customer-proof claim.

