How StandIn draws the line
We do not sell "magic" AI that knows everything.
We sell continuity software that respects privacy.
Security Boundary Statement
StandIn's protocol is enforced technically, not socially.
The system cannot access private messages, drafts, or unpublished content by design and by permission scope. There is no configuration, admin setting, or escalation path that enables this access.
If content is not explicitly published into a Wrap, committed to a system of record, or linked as a public artifact, it is invisible to StandIn.
This boundary is enforced automatically and cannot be bypassed.
The Response Spectrum
Every interaction falls into one of three strict categories.
1. We Answer
Explicitly Published
If a human wrote it in a Wrap, committed it to code, or updated a linked ticket, StandIn treats it as fact.
StandIn answers only when the source is explicit, published, and within scope.
If any of these conditions is missing, StandIn will not answer.
2. We Redirect
Unknown but Routable
If the answer isn't in the record, StandIn identifies who holds the context and points you to them.
Redirection does not expose private context.
It only identifies an owner already listed in the declared record.
3. We Refuse
Private or Speculative
If it requires guessing, reading private messages, or inferring sentiment, StandIn stays silent.
Refusal is enforced at the system level.
Prompt phrasing, rewording, or escalation cannot bypass it.
The Prohibited List
These are hard-coded constraints, enforced by design. They are not feature toggles.
There is no "admin override" for these features because the features do not exist.
No Passive Monitoring
We do not watch your screen, track your mouse, or log your active hours.
No Private Message Ingestion
DMs are black boxes to StandIn. If you didn't post it publicly, it doesn't exist.
No Intent Inference
We do not guess why someone did something. We only report what they explicitly said.
No Management Oversight
Managers cannot query StandIn for "who is working hard?" or "summarize activity".
StandIn does not log, analyze, or summarize behavior in order to reconstruct these prohibited signals indirectly.
Enforcement Over Intent
StandIn does not rely on user intent or policy compliance to stay safe.
Fixed data scopes
Technical limits on data access that prevent scope creep.
Role-specific representatives
Agents are restricted to their defined domain and cannot access other data.
Time-bounded authorization
Access grants expire automatically and must be renewed by human action.
Hard refusal rules
The system is hard-coded to refuse privacy-violating queries.
Even well-intentioned misuse is blocked by default.