What this page covers
- Privacy and consent management principles.
- Security controls and audit readiness.
- Operational reliability practices.
- Clear separation between verified signals and work still in progress.
Policy and controls
Howfar implements controls aligned with common industry expectations (access control, encryption, logging, change management). Specific certifications may vary by deployment.
What buyers can review today
- Buyer review surfaces are available now: Security, compliance, status, pricing, contact, and investor-relations routes are live for diligence and procurement review.
- Verification gates are scriptable: Local verification, predeploy verification, live verification, and strict proof scripts are all present in package scripts.
- Operational ownership is explicit: Public status surfaces pair with authenticated admin security and observability areas for internal operations.
Honest current limitations
- Feature activation is still broader than the current live surface: The detailed feature matrix still includes PARTIAL and PLANNED capabilities, so the repo now tracks honest completion through a strict activation manifest instead of flipping everything to LIVE by declaration.
- Public load and failover artifacts are still pending: The k6 harness is in-repo and the Windows Docker path handling was hardened, but smoke/stress artifacts still need to be generated and published before stronger resilience claims are fair.
- Browser E2E artifacts for commerce are still pending: Marketplace and subscription critical paths are now integration-tested, but public browser E2E artifacts for seller onboarding, checkout, and self-serve billing are not yet published.
Contact
For compliance inquiries, use Contact. For broader diligence, review the Trust Center and Status pages.