Trust and security
Defensive scans. Redacted findings. Clear authorization.
CapitalGuard is built for teams that need a focused AI-agent exposure review without overclaiming protection, compliance, or certainty.
Repo ownership confirmation required
Least-privilege GitHub access
Secrets redacted in UI and reports
Customer code is not used for model training
Uploaded repos deleted after scan unless monitoring is enabled
Sensitive data encrypted
Isolated scanning workers
Access logged for auditability
Responsible disclosure channel
Public proof
Verify badge status without exposing customer systems.
CapitalGuard public verification confirms badge status, scope label, and scan date only. It never shows private findings, raw paths, source code, secrets, or license keys.
Third-party verification
Customers can share a public verification code after an approved scan. Visitors can check that code on the verification page without accessing the buyer dashboard.
Verify BadgeVerification lifecycle
Public proof is issued only after payment, authorization, and operator approval.
The badge system is designed to help customers share a restrained proof point while keeping sensitive security work private.
Paid license
The buyer purchases Starter, Growth, or Pro through the hosted checkout before private delivery starts.
Authorized scan
CapitalGuard records repository ownership or written authorization before reviewing any scope.
Operator approval
A public record is issued only after the completed scan is approved for external status sharing.
Public verification
Visitors can check badge status, public scope label, scan date, expiry, and revocation state.
Claim boundaries
Useful public proof without dangerous overclaiming.
CapitalGuard verification should help a buyer prove that a specific public scan status exists. It should not become a misleading security seal.
Open VerificationBadge builder
Create a restrained public proof badge.
Use this after CapitalGuard issues an approved public verification code. The badge links to public status only and must not imply guaranteed protection, compliance certification, or complete risk removal.
Preview
CapitalGuard scanned: Acme Platform - Main product repoVerification URL
https://capitalguard.io/verify?code=CGV-EXAMPLE1
Embed snippet
<a href="https://capitalguard.io/verify?code=CGV-EXAMPLE1" rel="noopener" style="display:inline-flex;align-items:center;gap:8px;border:1px solid #1118271a;border-radius:8px;padding:10px 12px;background:#ffffff;color:#111827;font:700 13px system-ui,-apple-system,BlinkMacSystemFont,'Segoe UI',sans-serif;text-decoration:none;"><span style="width:8px;height:8px;border-radius:999px;background:#19a974;display:inline-block;"></span>CapitalGuard scanned: Acme Platform - Main product repo</a>
Responsible disclosure
Report suspected vulnerabilities to security@capitalguard.io. Include affected paths, reproduction steps, impact, and contact details. Do not access customer data or third-party systems without authorization.