docs: W12 marketing+trust accuracy — SCC alignment, changelog, subprocessors, encryption copy, llms.txt backend #65
Merged
The DPA explicitly incorporates Standard Contractual Clauses (Module Two, controller-to-processor) under §7 as the EU/UK transfer mechanism, but trust-residency.md was still claiming "we do not yet offer Standard Contractual Clauses." That contradicted the legally-binding doc and created a procurement-grade inconsistency. DPA stays as the source of truth — SCCs ARE incorporated. Trust-residency now matches: SCCs available by signing the DPA via support@instanode.dev, with the residency gap (NYC3-only today, no eu-west-1) carved out as the separate honest limitation.
Step-02 of the "Three steps" panel previously claimed unqualified "encryption at rest" alongside the anonymous-tier visual. The platform does encrypt vault secrets and stored connection_url ciphertext at rest with AES-256-GCM, but the customer Postgres cluster's disk does NOT have explicit at-rest encryption on the anonymous tier, and the panel sits visually next to the anonymous-tier 24h-TTL row. Narrows the claim to what is actually true: encryption at rest for vault secrets and stored credentials. Drops the "automatic backups" sub-claim from this panel — concrete per-tier backup retention lives on the Pro card on /pricing and in the snapshot-retention table at /docs/public/trust-residency where it belongs.
The DPA (§6 sub-processor change notice), subprocessors.md, and trust-residency.md egress section all reference /changelog as the canonical change-feed customers should subscribe to. Before this commit that link 404'd — every document making the 30-day-notice commitment was technically pointing at nothing. Ships a public lazy-loaded ChangelogPage in PublicShell chrome, mounts it on /changelog in both AppRoutes (browser) and SSRRoutes (prerender), and adds /changelog to PRERENDER_ROUTES so the page renders to static HTML on first byte for crawlers and procurement reviewers. Initial content: reverse-chronological entries for 2026-05-12, 2026-05-13, and 2026-05-14 covering the platform changes those days shipped. New entries go at the top of the ENTRIES array — single PR ships the change and the entry documenting it.
The published subprocessor list omitted four real-world sub-processors that the platform actually depends on. CAIQ Section H reviewers and GDPR DPAs both require this list to be exhaustive, not aspirational. Adds:
- Resend — transactional email (verification, magic-link sign-in, billing notifications). USA. Auth-token payload transits in the message body during the validity window.
- Cloudflare — CDN + DNS for marketing and dashboard hosts. Global edge. Calls out the TLS-termination-at-edge so reviewers know payload bytes are visible at the edge, not just request metadata.
- Fastly + GitHub Pages — marketing site and /docs/public/* SSG hosting. Public assets only; no PII on this path.
- Loops — lifecycle email forwarder. USA. Tagged lifecycle event metadata, matches the `Loops forwarder` audit kind in audit_kinds.go.
Date bumped to 2026-05-14.
llms.txt and llms-full.txt described the storage endpoint as "S3-compatible storage" without naming the production backend. The generic phrasing is technically correct — every documented API stays identical regardless of backend — but a coding agent picking up the file has no way to know which region the bucket actually lives in, which matters for latency calculations and for the residency story that lines up with the trust-residency doc and subprocessor list. Names DigitalOcean Spaces (S3-compatible) in `nyc3` as the production object-store. Also calls out the 24h lifecycle-rule auto-deletion on the anonymous tier so an agent doesn't quietly rely on data sticking around past expiry. No "MinIO" string remained in either file — the in-cluster MinIO was already replaced with DO Spaces on the production cutover (RETRO 2026-05-12). This commit closes the loop on the customer-visible doc.
Summary
W12 cleanup pass on the marketing site + public trust docs. Five fixes, one per commit.
- `/changelog` route created (was 404). DPA §6, subprocessors.md, and trust-residency egress section all reference it as the contractual change-notice channel. Wired into AppRoutes, SSRRoutes (entry-server), and PRERENDER_ROUTES. Initial content covers 2026-05-12 / -13 / -14.
- `Loops forwarder` audit kind).
- `nyc3` as the production object-store backend. No "MinIO" strings remained in either file (the in-cluster MinIO was already replaced in the 2026-05-12 cutover); this commit closes the loop on the customer-visible doc.
Test plan
- https://instanode.dev/changelog
- https://instanode.dev/docs/public/dpa.md (unchanged content, sanity check)
- https://instanode.dev/docs/public/trust-residency.md (SCC line aligned)
- https://instanode.dev/docs/public/subprocessors.md (Resend / Cloudflare / Fastly+GH Pages / Loops rows present)
- https://instanode.dev/llms.txt (DO Spaces `nyc3` named on POST /storage/new)
- https://instanode.dev/ (homepage step-02 encryption copy softened)
- `/changelog` ships pre-rendered HTML on first byte (visible without JS).
Notes for review
`/privacy` + `/terms` is intentionally NOT in this PR — it's in a sibling worktree (feat/w12-funnel-chrome-fixes). Diff stayed clean to the five fixes scoped above.