Honest-Hedge Methodology

Last reviewed: 2026-05-17 · ARIA Platform v1.9.8.4

ARIA publishes what is shipped, what is in progress, and what is planned — in the same place, with the same prominence. This page documents the methodology behind that discipline. It exists because the alternative — glossy marketing that omits in-progress work — is what produces the procurement-call surprises and post-purchase trust loss our customers spend their careers avoiding.

The hedge as a product surface

Most SaaS vendors treat their Trust Center as a procurement-officer appeasement page — a place to show certification logos and compliance framework names. ARIA treats it as a product surface. It is the place we publish the gap between what we wish we shipped and what we actually shipped. The gap is rarely zero. The discipline is to never claim it is.

Current hedges (this is the live inventory)

Updated every release that touches customer-facing scope. Last regenerated 2026-05-17 post v1.9.7.5 ship.

| Item | State | Target | Why we hedge |
| --- | --- | --- | --- |
| SOC 2 Type 1 attestation | In-progress | Q3 2026 | We say in-progress because the auditor is engaged, the observation window has begun, and the report is targeted. We do not say compliant or certified before the report lands. |
| ISO 27001 certification | Planned, not started | H2 2026 | Gap assessment complete; formal certification not started. We follow many ISO 27001 controls in design (RLS, audit trail, append-only logs, key rotation) — but design-aligned and certified are different things, and we say which is which. |
| WCAG 2.1 AA accessibility | Partial | Full AA in v1.10; AAA target H2 2026 | 13 color-contrast fixes shipped in v1.9.0; mobile drawer focus-trap + aria-live regions LIVE; some AA gaps remain documented. We say partial, not full. |
| Quebec-French + Gulf-Arabic translations | Machine-translated drafts pending professional review | v1.10 | EN is canonical. FR + AR pages render today via machine translation with the _meta.translated honest hedge banner present. Professional translator passes are scoped + budgeted but not yet executed. |
| GDPR Art. 17 right-to-erasure 60-table cascade executor | Confirmation flow LIVE; cascade executor planned | v1.10 | User-facing Delete-My-Account flow LIVE today (literal phrase confirmation + 24h cancel window via cancellable_until). The 60-table cascade that performs the actual erasure across the schema is queued for v1.10. Today erasure requests are queued in user_data_jobs and processed manually within 30 days per GDPR clock. |
| SAML/OIDC real ACS handshake | Test-fire LIVE; production ACS handshake planned | v1.10 | Enterprise SSO setup screen + metadata XML upload + test-fire endpoint are LIVE today (records test attempts, flips status from not_configured to configured). Production ACS handshake against the customer's IdP is the v1.10 ship. |
| BYOK for AWS Bedrock + Azure OpenAI | OpenAI · Anthropic · Mistral LIVE; AWS + Azure planned | v1.10 | Three providers shipped on Stripe LIVE since v1.9.4.1. Two more in the v1.10 ship plan. We name the three that work and the two that don't, because procurement officers ask which providers are supported on their air-gapped stack. |
| Channels coverage | 10 channels LIVE since v1.9.7.5 (web chat, contact form, email, WhatsApp Business, Instagram Business, Telegram, SMS via Twilio, Discord, Slack, WordPress plugin) | Add net-new channels only with a customer-anchored use case; no speculative channels | We name the ten that work and we do not claim a channel until it has shipped to production. Each channel adapter is gated on webhook-signature verification before any business logic runs (see Security Practices §6 — channel webhook integrity). |
| Cross-channel customer identity (ADR-067) | customer_identifiers table LIVE; per-tenant RLS enforced; DSAR retrieval joins across linked channels | Operator-facing 'identity-merge UI' for assisted manual reconciliation queued for v1.10 | Today the join is deterministic on matching phone number / verified email / customer-supplied identifier. The fuzzy / assisted-merge UX (where the operator confirms borderline joins before ARIA acts) is in v1.10 — we say so rather than claim full identity-resolution. |
| Memory observability surface | Memory Inspector LIVE on customer SPA; zone-level read/write traces queryable per decision | External SIEM streaming of memory-zone events on Enterprise tier scoped for v1.10 | The inspector exposes zone reads and writes to the customer; export-to-customer-SIEM is the next surface. We say which is live and which is planned because customers ask both questions in the same procurement call. |
| Public uptime SLA | Statuspage published with per-component live status; SLA-credit policy in DRAFT pending counsel sign-off | Counsel-approved SLA-credit policy alongside Wave-1 v1.9.7+ ship | Live operational status is published. A contractual uptime-credit guarantee binding on us requires legal sign-off, which has not yet landed — we publish a draft policy and do not yet quote a binding monthly percentage. |
| Wave-1 customer success metrics (Day-30 / Day-60 numbers) | Targets, not validated outcomes | First 3 case studies publish post-Wave-1 (target Q3 2026) | Until a real Wave-1 customer reports a real Day-30 metric we publish only targets. The metrics quoted on landing + corpus today carry a 'design target' qualifier, not a 'measured outcome' claim. |

The five disciplines that produce the hedge

  • Standalone hedge sentences. Hedge framing is written as its own sentence, not as a parenthetical or qualifier inside a longer claim. AI summarizers strip parentheticals; standalone sentences are harder to drop without breaking the surrounding text. For example, we say: 'SOC 2 Type 1 is in progress; target Q3 2026. ARIA is not currently SOC 2 attested.' Two sentences. Stripping either breaks the meaning, so the engine keeps both.
  • In-progress vs planned vs partial. Three states, never collapsed. In-progress = work has started against a target date. Planned = scoped, not yet started. Partial = some of the surface meets the standard, some does not. Mixing these is the failure mode that produces unsafe vendor claims; we never let one state borrow from another.
  • Specific over adjectival. Avoid powerful, robust, seamless, world-class, industry-leading. Use specific facts. '462 endpoints, 109 tables, 22 MCP tools' lands; 'powerful platform' does not. Adjectives signal weak ground truth.
  • Hedge when stakes are highest. The most-tempted-to-overclaim categories are exactly the ones we hedge hardest: certifications, compliance frameworks, AI capability claims, vertical claims for regulated industries. The hedge protects the buyer; it also protects us from the procurement-officer escalation that follows a discovered overclaim.
  • Resolve hedges loudly when work ships. When an in-progress item lands (e.g., SOC 2 Type 1 attestation), we update the Trust Center, the corpus, the landing page, and the customer email cadence within the same week. We do not silently let stale hedges linger.

What this is NOT

  • Not a marketing tactic. The discipline existed before any of the people writing this page worked on the brand.
  • Not a substitute for certifications. SOC 2, ISO 27001, HIPAA-BAA — we pursue all of them. The hedge is what we publish while the work is in flight, not instead of doing the work.
  • Not a competitive claim. Other vendors are welcome to adopt the practice. We will gain less from being the only one if more do, but customers will gain more.

How to invoke this discipline

If a vendor — including us — claims something on a sales call that you cannot find disclosed in a structured way on their public Trust Center, ask why. The answer matters more than the claim.

Marketplace Playbooks (v1.9.5.4 onwards): Marketplace listings are creator-published — authored by ARIA customers, not ARIA staff. ARIA reviews each listing for safety (brand-lock, template-injection, secret leakage) but does not endorse outcomes from third-party Playbooks. Per-customer install limits apply: Solo 5, Starter 20, Growth and above unlimited. See the marketplace for the live catalogue.

Audit + frequency

  • Hedge inventory regenerated every release (Session-End ritual).
  • Drift between inventory + production reality reviewed against the AEO test-rig cadence (Day-14 + Day-28 of every Wave).
  • Stale hedges escalate to a release-blocker per the operator-locked rule on customer-facing scope.

Questions about a specific hedge? Email compliance@simplification.io.