ROSA
Security overview

The safest data is data we never hold.

Last updated 5 July 2026

ROSA's security starts with a design decision: the check runs on the minimum data that can prove its findings, and nothing more. That restraint is deliberate, and it is the strongest control we have. This page sets out how we treat the data we do hold.

Minimal by design

Separate, private channels

Each party submits its own tape directly to ROSA. No party ever sees another party's feed. Reports return the same way: one report per party, delivered to that party's own private folder and nowhere else.

Reports scoped to their recipient

A funder's report covers that funder's own funding line. Where a finding involves another funder, the other party's identity is withheld from the page itself. The scoping happens when the report is built, so the document each recipient holds contains only what that recipient is entitled to see. There is no shared portal to misconfigure.

Verifiable, reproducible evidence

Every tape is hashed with SHA-256 when it arrives, and every report carries its own report id, the engine version and the evidence hash on the page. Underlying evidence is archived rather than bundled into the report. Any report can be checked against the archive, and any cycle can be reproduced from what each party submitted. You can see this on the specimen report.

This website

rosaverified.com is a set of static pages served over HTTPS. It has no accounts, no database, no cookies and no tracking scripts. See the privacy notice.

An honest note

ROSA is a young firm. This page describes what is true today; it does not claim certifications we have not yet earned, and it will grow as our controls do. If your due diligence needs more depth than this page gives you, ask us directly: [email protected].