Security & trust
The security story is not a PDF of promises — it is enforced by the pipeline, on every job.
The rules the pipeline enforces
- Pixels never come from AI. Rendering is deterministic, tested code applying your committed brand specification. AI may author content where you allow it; it never draws your deliverable.
- Every artifact carries its egress class: zero-egress or contract-protected — written by the pipeline based on what actually happened to the job, never by hand. A job that touched an AI API cannot be labelled zero-egress.
- The zero-egress tier contains no AI at all. No model, no cloud, no internet in the pipeline — verified at installation, on your box, offline.
- AI authoring is fail-closed. On the intelligence tier, if the DPA attestation is not in place, AI calls refuse to run. Spend is capped per job.
- Synthetic media is consent-gated and disclosed — always. Video featuring a presenter likeness or a cloned voice requires recorded consent before the pipeline will produce it, and the deliverable discloses that it is synthetic. No product flag, tier, or entitlement can bypass this.
- Nothing unverified is delivered. The visual-QA gate runs on every job, in every tier. A failing deliverable is withheld, with findings.
Provenance you can audit
Every deliverable records exactly which version of your brand specification produced it. When your brand changes — new logo, new palette, new template — you can prove which documents were produced under which rules, months later.
What “verified” means (and doesn’t)
Verified means the deliverable passed the visual-QA gate: layout, branding, logo placement, text fit. It does not mean DocMark fact-checked the content — your authors (human or AI) own the substance, and web-research outputs ship with cited sources so your reviewers can check them.
Want the detail? The security one-pager covers the trust boundaries, the egress classes, and the consent gates in a form your security team can file.