Trust
Patent moat
| Patent | Application | Filed | Claims | Independent claims |
|---|---|---|---|---|
| A — GenAI WCAG remediation (primary) | US 64/030,762 | 2026-04-06 | 58 | 8 |
| J — multi-domain orchestration (transitive) | US 64/022,466 | 2026-03-30 | 50 | 5 |
Patent A is the primary moat: a strict subset of its independent claims (IC1 tiered cascade, IC2 multi-tool with confidence, IC3 version-aware, IC4 source-code apply, IC6 MCP server interface, IC8 PII-safe preprocessing) is what Reverter implements. Patent A PCT international protection deadline: 2027-04-06. Reverter status remains patent-pending until the USPTO completes examination of the eventual nonprovisional application; we do not claim "patented".
Data handling
- PII-safe preprocessing (Patent A IC8). Microsoft Presidio + spaCy NER swap PII for type-preserving placeholders before any LLM call; restored on output. Round-trip non-PII byte-diff is zero by construction.
- EU residency by default.
All scan + audit-log storage in
eu-north-1(Stockholm); self-hosted LLM option runs on Hetzner FSN1 / HEL1 for customers that require sovereign EU LLM execution. - No source code retention without opt-in. VS Code extension runs in local mode by default; cloud LLM is a per-workspace opt-in. The extension's PostHog telemetry (when opted in) records crash + activation only — never code, never scan results.
- DPA available for Business and Enterprise customers.
- Retention: 30 days default; 7 years on Enterprise tier (matching EU AI Act audit-trail requirement).
Compliance status
- SOC 2 Type II — planned
- GDPR Article 28 DPA — available on request
- EU AI Act Article 50 audit-trail — built-in for Enterprise
- EAA / WCAG 2.2 AA — this site is itself axe-clean (see "Cobbler's shoes" below)
Status statements above are commitments; certifications listed as "planned" or "in flight" have not yet been awarded.
Security posture
- Static-site delivery. reverter.ai marketing is Astro static HTML on Cloudflare Pages; no runtime server, no database, no user input fields beyond the contact mailto.
- Strict CSP. See
public/_headers—default-src 'self', no third-party trackers, no cross-origin scripts except first-party PostHog (when enabled). - HSTS preloaded with 2-year max-age,
includeSubDomains; preload. - X-Frame-Options DENY + frame-ancestors none (clickjacking-safe).
Cobbler's shoes
Reverter is an accessibility-fix tool. Reverter must itself be
impeccable. Every page on this site is checked with axe-core
(target: 0 violations across WCAG 2.0 / 2.1 / 2.2 AA tags) via
pnpm test:a11y running Playwright + @axe-core/playwright.
If you find an accessibility issue,
email [email protected] and we
will fix it.