AegisReview keeps the compliance file clean, controlled, and usable.

Public pages explain the workflow. Private workspaces hold customer files.

The public site shows the offer, sample file, educational guides, and intake request. Customer records, restricted evidence, review decisions, and export-ready work product live in assigned workspaces after scope and access are approved.

• Public siteHomepage, guides, sample file, pricing, walkthrough, Trust & Data, and contact/intake forms.
• Guided launch requestA fit check before a workspace is opened. The first request does not require confidential HR files or applicant data.
• Private workspaceWorkspace records require Supabase authentication, active membership, role-based access, and unexpired trial or engagement status.
• Evidence intake gateRestricted business documents require signed written scope, DPA/data terms, private storage, no Tier 3 data, and a 30-day Tier 2 retention deadline.
• Operator consoleInternal review tools check workspace membership, isolation, retention status, and data-boundary acknowledgments without exposing a service-role key in the browser.

Keep the first review narrow.

The Snapshot is built from approved company context, public signals, known hiring tools, vendor documentation status, and human-provided notes. It does not require resumes, applicant files, employee medical information, payroll records, SSNs, bank data, or government IDs.

• Company and role contextCompany name, website, hiring locations, review contact, and assigned team.
• Hiring-tool inventoryATS, assessment, video interview, sourcing, scheduling, HRIS, or automation tools involved in hiring or employment workflows.
• Documentation statusKnown vendor records, missing evidence, notice status, assignee, and next review date.
• Review notesHuman-approved notes about what is confirmed, open, unknown, or waiting for counsel/vendor response.

Built for controlled first reviews.

• Workspace-scoped recordsBackend review records are tied to a specific workspace and visible only to active workspace members.
• Session-only workspace configThe browser stores workspace connection settings in session storage for the active tab. The service-role key never enters the browser.
• Public samples stay separateSample files and walkthroughs stay separate from customer workspaces so public review materials do not become customer records.
• Customer-data gateCustomer records require verified workspace access, active membership, written scope, and review boundaries.
• Encryption posturePublic pages run over HTTPS. Restricted evidence is stored in private backend storage and accessed through short-lived signed URLs.
• Access controlCustomer and counsel access is role-based, workspace-limited, and removable when the engagement or review permission ends.
• Retention and deletionTier 2 restricted business evidence receives a retention deadline no later than 30 days after receipt and a documented deletion path.
• SubprocessorsCustomer-facing agreements identify the core hosting, database, form, and document services used for the engagement.
• No model trainingCustomer review files are not sold and are not used to train AI models unless a customer separately agrees in writing.
• DPA pathA data-processing addendum or data-handling addendum must be scoped and signed before Tier 2 restricted business documents are accepted. Tier 2 materials are retained for no more than 30 days by default.

Clear limits without burying the product.

• Not a law firmT&T Compliance Shield provides workflow software, documentation, and review materials. It does not replace legal counsel.
• No blanket certificationThe Snapshot is a review file and action plan, not a compliance certification.
• Evidence-based recordsEvidence labels separate public signals from confirmed records, parent-route findings, rejected false positives, and counsel-review items. Employer or vendor confirmation turns a signal into a confirmed tool record.
• No automatic sendsNotice templates, reports, and outreach stay behind HR/legal approval before customer, applicant, employee, or regulator use.
• Template useTemplate scaffolding and internal workflow tracking are operational aids. They are not legal advice, legal records, or regulatory-submission materials unless approved by the customer and its counsel.

Tier 1 first. Restricted data only after written scope.

• Tier 1: standard review dataCompany name, website, known tools, public-source notes, approved workflow notes, vendor-evidence status, and review actions. This is the default first Snapshot scope.
• Tier 2: restricted business dataVendor contracts, confidential AI documentation, internal HR process documents, and non-public screenshots require signed written scope, named access, approved storage controls, and 30-day maximum retention.
• Tier 3: sensitive or regulated dataApplicant records, employee records, protected-class data, biometric data, payroll, medical, SSNs, bank data, government IDs, privileged legal communications, and credentials are not accepted in the standard Tier 2 lane.

The secure-storage lane.

• Authenticated workspacesCustomer files are separated by workspace with named user access.
• Role-based permissionsInternal reviewer, customer reviewer, counsel/read-only, and admin roles are separated. Trial users need unexpired workspace membership before records are visible.
• Private document storageRestricted materials require private buckets, signed access links, and no public document URLs.
• Audit logsCreate, update, delete, sensitive read, and export events are recorded for private workspace activity.
• Retention and deletionTier 2 evidence gets a written retention deadline no later than 30 days after receipt, plus a deletion process.