TRUST CENTER / PUBLIC BASELINE
Inspect the controls before you share context.
Implemented controls, delivery rules and evidence not yet available are labelled separately.
← HOMECONTROL SCOPE / EVIDENCE BASIS
Separate runtime controls, delivery controls and capability evidence.
Public Intake Controls
- Browser-side inquiry encryption
- ENABLED WHEN INTAKE IS OPENThe browser creates a fixed-size JWE; the public receiver stores ciphertext.RUNTIME + SOURCE VERIFIED
- Application raw-IP persistence
- 0The application does not persist raw IP or complete user-agent strings; upstream controls are separate.SOURCE / TEST VERIFIED
- Inquiry envelope expiry
- ≤ 48 HOURSApplication-layer scheduled expiry; independent deletion-test evidence remains pending.RUNTIME CONTROL / TEST PENDING
Project Delivery Controls
- Authority and scope
- REQUIRED BEFORE WORKTesting and production access require written authority, scope, stop conditions and named decision rights.CONTRACT CONTROL
- Customer-boundary delivery
- DEFAULT WHERE PRACTICALTechnical work remains in the customer environment wherever the engagement permits.DELIVERY POLICY
- AI authority
- HUMAN APPROVALCustomer data is not used for model training; high-impact actions remain under human authority.OPERATING POLICY
Service Capability Evidence
- Core-team experience
- 20+ YEARSArchitecture, SRE/operations and security experience reported for the core team.COMPANY-REPORTED
- Availability objectives
- TARGETS UP TO 99.99%Historical client work; not a default SLA or guarantee for every system.COMPANY-REPORTED HISTORICAL WORK
- Client delivery records
- PUBLISHEDCUSTOMER-AUTHORIZED SUMMARYVIEW RECORDS →
The scope and evidence behind every zero are visible.
Each figure shows its evidence type and verification status.
Annual disclosures against defined customer-data controls.
Company-wide records since incorporation in 2020. Counts use the definitions shown in this table. A zero applies only to the defined event and is not a general security guarantee.
* 2020 covers the period from incorporation. Retention metrics count copies held beyond the applicable contractual or published deletion deadline; approved temporary processing within an authorized task is excluded.
Inquiry retention is enforced by this website runtime. Project deadlines are delivery controls. Technical content is separated from the small legal and transaction record that may need longer retention.
Applicable Japanese requirements include APPI, the Act on Prohibition of Unauthorized Computer Access, FEFTA and external-transmission rules under the Telecommunications Business Act. Before formal work begins, X FUTURO verifies authority, written authorization, scope and stop conditions. Customer eligibility and end use are reviewed before acceptance.
Keep legal evidence small. Keep customer technical content out of the archive.
DATA NOTICE / 2026-07-15 / v11Customer production data and sensitive technical information remain in the customer environment whenever practical. The first inquiry requires only a message with enough context to decide whether a conversation makes sense.
Statutory retention, valid compulsory process or a narrowly scoped Legal Hold may override the normal deletion schedule.
ENCRYPTED CONTACT
Start with a short description of the problem.
A short message is enough. Add a phone number, LINE, WhatsApp or email only if you want a reply; a prior receipt may link a follow-up. If you prefer another contact method, describe it in the encrypted message.This browser does not provide the native security and dialog capabilities required for encrypted intake. No form is shown and no plaintext fallback is available. Use a current browser over trusted HTTPS.