← Back to Trust Center

Trust Artifact CAIQ-Lite / SIG-Lite format

Security Questionnaire — Pre-filled

Common diligence and procurement questionnaire answers, in template form. Update one column per customer; reuse the rest.

Owning pathkeepers: domain/security, lifecycle/sales-engineer

Posture statement (always include this)

Pathfinder is a single-user macOS desktop application running entirely on customer-owned hardware. We do not host a Pathfinder SaaS. We do not have a multi-tenant backend. We do not have a copy of customer data. The trust boundary is the macOS user account.


Q&A

A. Company & product

Q A
Vendor legal name Colby's Data Movers LLC
Product name Pathfinder
Deployment model Customer-installed desktop application (macOS)
Multi-tenant? No — single-user per workspace per device
Where is product hosted? On customer's hardware
Where is customer data stored? Per-workspace SQLite file on customer's hardware
Where do credentials live? macOS Keychain (encrypted at rest by macOS)
Is there a control plane we depend on? No
Do you have a SOC 2 report? Not currently — see compliance crosswalk for control mapping

B. Data flows

Q A
Does your product send our data to a third party? No. Pathfinder reaches customer-owned SaaS endpoints only, pinned by per-connector base-URL allow-list
Do you use AI/ML on our data? Only if the customer opts in to Fabric, supplies their own LLM API key, and explicitly invokes a pattern. Disabled by default
Do you log customer data? Diagnostic logs may contain object/field names and counts; never record values, never secrets
What outbound URLs does Pathfinder hit? Only the customer's configured SaaS APIs. See the HTTP threat model for the allow-list
Inbound network listeners? None

C. Access controls

Q A
How are vendor employees authenticated to the customer environment? They aren't. Pathfinder runs on customer hardware; we do not log in
How are credentials stored? macOS Keychain via security_framework. Not SQLite. Not env vars. Not logs
Encryption at rest? macOS FileVault (customer-managed) for the workspace; Keychain for credentials
Encryption in transit? TLS 1.2+ via rustls for every outbound HTTP call
Cert pinning? Per-connector base-URL allow-list pins the host; TLS chain validated by OS trust store
Privileged access management? Not applicable (no shared infrastructure)

D. Software supply chain

Q A
SBOM available? Yes — generated per release; see docs/RELEASE_ENGINEERING.md and the script scripts/sbom.sh
Dependency vulnerability scanning? GitHub Dependabot + cargo deny on every push; standing triage tracked in H6_DEPENDABOT_TRIAGE.md
Code signing? Apple notarisation per release
Reproducible builds? Tracked as E7.4 — not guaranteed today; release artefacts checksummed
Source code custody? Private GitHub repository under tbcolby/pathfinder; will transfer to acquirer at close

E. SDLC

Q A
Code review required? Yes — lifecycle/code-reviewer pathkeeper, plus reviewer approval on PR
Static analysis? cargo clippy, ESLint, cargo deny, secrets-lint CI gate
Dynamic / runtime analysis? Tests (~5,200+), property tests (~20), criterion benches. Fuzz harnesses for IPC/MCP tracked as E3.6/3.7
Pen test cadence? Not currently. Decision documented in ENTERPRISE_HARDENING_PLAN.md §21
Vulnerability disclosure? See the Vulnerability Disclosure policy

F. Incident response

Q A
Notification SLA on a confirmed vulnerability? 72 hours from confirmation
Customer-side mitigation guidance? Provided as a runbook entry, e.g. docs/runbooks/SUPPORT.md
Audit log retention? The customer controls retention — the audit chain is per-workspace and append-only

G. Data subject rights

Q A
Data residency? Customer's hardware
Right to deletion? Customer deletes the workspace folder
Data portability? In-app workspace archive export produces a portable .zip
Cross-border transfers? Driven by customer's SaaS choices, not by us

H. Continuity

Q A
What happens if Colby's Data Movers shuts down? Customer's workspace remains usable indefinitely. Source code transfers per the Agreement
Escrow? Source escrow available on request
Disaster recovery? Per-workspace — customer's responsibility on their hardware. The workspace archive supports full restore

How to use this document

  1. Copy this file to a customer-specific working copy.
  2. Walk row-by-row; customise the "A" column with specifics.
  3. Highlight any "TODO" left in the customer's working copy.
  4. Send the response.

Refresh this template on every release that materially changes the security posture (new connector type, new substrate, new third-party subprocessor).

Have procurement questions?

Email security@colbysdatamovers.com or book a discovery call.

Book a discovery call →