Trust Center
Start here
This is a verification hub (not marketing): how Shipyard handles security, privacy, disclosure, and releases, with links you can audit.
Shipyard keeps delivery evidence and governance documentation accessible without overstating what we can promise. Browse the topics below to learn how we handle security, privacy, disclosure, releases, and support.
Navigate the policies
- Security — how we keep evidence exportable and verifiable.
- Privacy — what we collect on this landing site.
- Responsible disclosure — how to report issues.
- Support — how we respond to questions.
- Releases — where we publish artifacts.
- Contact — who to email for each topic.
- Terms — license, boundaries, acceptable use (with disclaimers).
- Status — current service shape and data flow (local-first).
Verifiable sources
Shipyard artifacts are anchored in GitHub releases and evidence bundles with checksums; every bundle includes SPEC.md, VERIFY_REPORT.md, and SHA256SUMS.txt so you can confirm what was packaged.
- GitHub: tags/releases document commits and diffusion.
- Evidence bundle: SPEC/VERIFY/SHA256SUMS files stay with every build.
- Security text: /.well-known/security.txt lists contacts and policy scope.
Export & evidence
Want to run the same checks locally? The Evidence Pack exports NDJSON logs, artifacts, and signed manifests so you can hand auditors an end-to-end trail.
Join the Evidence Pack waitlist
Compliance teams can refer to the /waitlist/?persona=compliance path for evidence-focused reviews; we describe exactly what the pack provides rather than promising certifications.