ClarityLift · Integrity Statement · v1.0
How ClarityLift implements the Integrity Framework.
This document records how the Integrity Framework v1.0 layers and the Startvest Trust Principles are implemented in this product. If a layer or principle is not implemented, this document says so and what it would take to close the gap.
What ClarityLift sells
Organizational health intelligence. Aggregate signals about communication patterns, team-level friction, retention and stability, and culture drift. ClarityLift does not issue compliance certifications, attestations, or third-party audit reports. Customers pay for the analytics outcome, not for an artifact.
This category sits adjacent to compliance (workforce analysis exposure, Colorado AI Act, Title VII, NLRB). The framework still applies. Layer 1 vetoes are mostly about avoiding category drift, not compliance theater.
Layer 1: pre-build vetoes
Artifact versus outcome
PASS. Sells team-health analytics outcomes. No certification, no badge, no compliance score sold as a deliverable. Pricing pages describe ongoing analytics, not artifacts. Insight outputs are signals to act on, not stamps to display.
Independence
PASS. ClarityLift does not certify or audit its customers. The customer pays for analytics tooling against their own communication signals. No third-party certification claims are sold. SOC 2 Type 1 (if pursued) would cover ClarityLift's own controls, not customer compliance state.
Verifiability
PASS. Every signal is mechanically computed from observable Slack, Teams, and Discord events under retention-zero. No customer-attestation path produces compliance claims. Classification source is recorded. Insights cite the underlying signal records.
AI accountability
PASS (by scope). LLM outputs are signal classifications and advisory insights, not customer-facing compliance attestations. Per docs/adr/0001-retention-zero.md and the LLM provider abstraction at src/lib/llm/provider.ts, all AI traffic is gated through one wrapper enforced by HIGH-C-LLM-WRAPPER. Anthropic ZDR and Azure OpenAI in-tenant retention. No AI output reaches a verified claim. Adversarial Sentry scrub tests in src/lib/sentry/__tests__/scrub.test.ts prevent leakage.
Scope clarification. The framework's Layer 2 constraint applies to AI-generated compliance outputs and customer-facing claims. ClarityLift's AI produces neither. Insights are explicitly advisory analytics, not compliance attestations. The retention-zero wrapper is the structural gate that confines AI to the advisory path. If ClarityLift ever ships a customer-facing “verified X” claim, Veto 4 and Layer 2 Constraint 2 reopen, and a formal human-review gate ships before the claim does.
Pricing-rigor alignment
PASS. Tier-based, usage-tied pricing. No “unlimited audits” language. Cost rises with workspace count and signal volume. Analytics rigor does not depend on bulk discounts.
The TechCrunch test
PASS. Survived two CISO reviews. Privacy posture documented publicly at /privacy. Marketing copy enforces specific, defensible language. No phantom claims. Coverage percentages are not asserted. architectural-rules.json enforces 40+ invariants at CI.
Layer 2: architectural constraints
Status table for the seven framework constraints as implemented in ClarityLift.
| Constraint | Status | Implementation |
|---|---|---|
| Evidence chain integrity | N/A | Not a verification product. Signals reference event ids in HealthSignal.ts and Insight.ts, sufficient for analytics traceability. |
| AI output review gates | PASS (by scope) | The constraint applies to AI compliance outputs and customer-facing claims. ClarityLift's AI produces neither. Outputs are advisory insights only. The retention-zero wrapper at src/lib/llm/provider.ts (CI-enforced via HIGH-C-LLM-WRAPPER) is the structural gate that confines AI to the advisory path. Constraint reopens if any customer-facing “verified X” claim is added. |
| Customer self-attestation isolation | N/A | No customer-attested compliance claims are produced. |
| Reproducibility | PASS | Methodology documented in docs/specs/compliance-layer.md and docs/adr/. Quarterly classifier reproducibility sampler runs the synthetic-corpus fixtures through the active classifier and reports signal-type and severity agreement. Synthetic corpus, never user data. Retention-zero compatible by design. |
| Evidence retention | N/A (retention-zero is the inverse) | CRIT-C-RAW-MESSAGE-RETENTION enforces no raw text persists. Consent ledger (ConsentRecord.ts) retains 7 years. Audit log retains 7 years. |
| Independent verification hooks | PARTIAL | DSAR export available (src/lib/dsar/exporter.ts). No formal auditor read-only role. |
| Failure transparency | PASS | Sentry scrubber drops sensitive context, surfaces actionable error class. Classification skip reasons logged transparently. Channel exclusion patterns visible in admin UI. |
Layer 3: operational guardrails
| Guardrail | Status | Reference |
|---|---|---|
| Refund-on-failure clause | NEEDS UPDATE | Not in current MSA. Draft at Startvest/contracts/MSA-refund-clause-DRAFT.md. Pro-rated refund for any month where ClarityLift produces a documented insight that materially misrepresents the underlying signal. |
| Public methodology page | PASS | Live at /methodology. Versioned, changelogged. CI-enforced via HIGH-SV-METHODOLOGY-VERSIONED. |
| Annual independent audit | DEFERRED PENDING FUNDING | SOC 2 Type 1 (or equivalent CPA / security firm engagement) is required to close vendor scorecard row 3. Currently unfunded. Honest classification: not "scheduled" or "in flight." Moves to PARTIAL once funded; YES only after a completed cycle with public findings. |
| Customer-side compliance owner | PASS | Sales motion qualifies CISO / IT review by default. Absence is a disqualifier, not a delay. |
| Whistleblower channel | NEEDS UPDATE | whistleblower matched in default channel-exclusion patterns at src/lib/compliance/channel-exclusion.ts (the channel is not read). Separate: no formal external whistleblower address for ClarityLift integrity reports. Action: route through integrity@startvest.ai. |
| Accountability community | PARTIAL | Public methodology and CISO-review posture serve this role. No specific identified community. |
| Public kill criteria | PASS | Live at /service-standards. Specific thresholds across quality, privacy, customer-trust, and operational categories with explicit sunset triggers. |
Vendor scorecard
Self-assessment against the framework's standardized scorecard.
| # | Question | ClarityLift |
|---|---|---|
| 1 | Public methodology page exists? | YES — /methodology |
| 2 | Refund-on-failure clause in standard MSA? | NO. Drafted, not yet rolled into MSA. |
| 3 | Independent third-party audit, annually, with public findings? | NO. Deferred pending external funding. Engagement cost (CPA / security firm) is currently unfunded. Moves to PARTIAL once funding is secured and an engagement letter is signed; YES only after a completed cycle with public findings. |
| 4 | Per-product INTEGRITY.md in public repo? | YES. This statement. |
| 5 | AI output review gate structurally enforced? | YES (by scope). Retention-zero wrapper CI-enforced via HIGH-C-LLM-WRAPPER. AI outputs are advisory only and never reach a customer-facing “verified X” claim. Reopens if scope changes. |
| 6 | Public kill criteria with specific thresholds? | YES — /service-standards |
Score: 4 YES / 0 PARTIAL / 2 NO. Row 5 flips from PARTIAL to YES via scope clarification. The flip is reversible. Adding any “verified X” customer claim reopens the gate. Row 2 is drafted and pending finalization. Row 3 is deferred pending external funding, published honestly rather than relabeling as “in flight” or “scheduled.”
Outstanding gaps
- AI review gate is by-scope, not by-explicit-step. Acceptable today because insights are explicitly advisory and never reach a customer-facing compliance claim. Required to add a formal human-review step if ClarityLift ever publishes a customer-facing claim of the form “verified X.”
- Refund-on-failure not in MSA. Draft exists at Startvest/contracts/MSA-refund-clause-DRAFT.md. Roll into next MSA revision.
- No formal external auditor mode. DSAR export covers customer self-export. A separate auditor-scoped read-only role would let an external CPA inspect classifier outputs without going through the admin UI.
- Annual third-party audit deferred pending funding. SOC 2 Type 1 (or equivalent engagement) is required to close vendor scorecard row 3. Honest classification: not “scheduled” or “in flight.”
Each of these is named here rather than hidden. The framework treats hidden gaps as a Layer 1 Veto 3 failure.
Changelog
v1.0, dated 2026-04-25
- Quarterly classifier reproducibility sampler shipped. Synthetic-corpus test runs the active classifier and reports signal-type and severity agreement. Layer 2 Constraint 4 (Reproducibility) flips PARTIAL to PASS.
- Row 3 (annual third-party audit) reclassified as “deferred pending external funding” rather than “in roadmap.” Honest framing per the framework's integrity principle.
- Row 5 (AI output review gate) flipped from PARTIAL to YES via scope clarification. Layer 2 Constraint 2 applies to AI compliance outputs; ClarityLift's AI produces only advisory insights. Retention-zero wrapper is the structural gate. Score 3/6 to 4/6.
- Methodology page and service standards page shipped. Layer 3 guardrails for “Public methodology page” and “Public kill criteria” now PASS.
- Cited The Integrity Framework v1.0 in the header. Vendor scorecard self-assessment added.
- Initial INTEGRITY.md created as part of Startvest Integrity Framework rollout. Mapped existing controls. Identified gaps in refund clause, methodology page, kill criteria, and formal whistleblower channel.
Contact
Integrity reports: integrity@startvest.ai. Monitored quarterly by external counsel.
Reviewer: Tom Pinder, Founder. Next scheduled review: 2026-07-25.