ReleaseNotary

ReleaseNotary security model

ReleaseNotary is built for review evidence that may include private product behavior. The public marketing site is crawlable; hosted packets, dashboard routes, API routes, and private artifacts remain outside the public crawl surface.

Redaction by default

ReleaseNotary detects and redacts secrets, PII, and token-like values before durable packet artifacts are written.

Private packet access

Hosted packet pages and artifacts stay private by default and are scoped to the owning review path.

No durable signed access URLs

ReleaseNotary avoids durable signed packet links; proof artifacts must not store rn_access URLs or tokens.

Project API keys

Project-scoped API keys keep packet upload and read access bounded to one project and can be revoked.

Audit trail

Runs, packet reads, artifact reads, capture activity, API access, and retention actions emit bounded audit events.

Security questions

Clear boundaries between the crawlable product explanation and private release proof.

Are ReleaseNotary public pages crawlable?

Yes. The public marketing pages, pricing page, machine-readable pricing file, llms.txt, sitemap, and source citations are crawlable so buyers and answer engines can understand the product. Private hosted packets, dashboard routes, API routes, and artifacts remain outside the public crawl surface.

Are ReleaseNotary packets public by default?

No. Hosted packet pages and evidence artifacts are private by default and scoped to the customer review path. ReleaseNotary avoids durable signed packet links in proof artifacts, redacts sensitive values before durable writes, and keeps packet access bounded through project and org-level controls.

How does ReleaseNotary protect captured evidence?

ReleaseNotary protects captured evidence with redaction defaults, private artifact handling, project-scoped API keys, bounded audit events, retention controls, and rules against persisting rn_access URLs or sensitive tokens in durable logs, packets, PR comments, or reports.

Public pages are crawlable. Packet evidence is not.

The SEO surface explains the product. The product evidence surface keeps packet and artifact access bounded to the customer review path.