Procurement questionnaires usually take weeks. Ours takes one URL. Download our evidence pack, verify the audit log live, and skip the back-and-forth.
Every privileged action is hash-chained to the next. Modify, insert, or delete any past entry and the chain breaks — visibly, on this page.
OOH is Vigilant Entities' proprietary venture-grading model. Patent Pending · USPTO 63/PCT route.
Treat every startup as a small planet, orbited by seven satellites. Each satellite is independently scored by a dedicated AI agent. Yusuf — the council moderator — synthesises them into a single composite OOH Score (0–100) the holding company can defend in front of any investor or regulator.
Seven sovereign AI agents — Problem-Solution Fit, Product-Market Fit, Scale, Risk, Capital, People, Sovereignty — orbit each venture. No single model can game the score because no single model sees the whole picture.
Each orbital agent runs air-gapped inside your tenant. A leak in one satellite cannot compromise another. Telemetry never leaves the cluster.
Points only count when a documented artefact is on file. The OOH score is auditable end-to-end — every percentage point traces back to a timestamp, a file, and a clearer.
Most frameworks (Maurya, Y Combinator) measure linear progress. OOH measures depth simultaneously — Asabiyyah, Sovereign Alignment, Capital Stewardship, and Founder Resilience all compound with — not after — your lean track.
OOH™ is a trademark of Vigilant Entities. Method patent pending — unauthorised reproduction prohibited.
Full coverage matrix. Strict CSP, HSTS, anti-CSRF, brute-force lockouts, per-device JWT, hash-chained audit log.
Clause-by-clause: A.5 policies, A.9 access control, A.10 cryptography, A.12 logging, A.13 network, A.15 supplier risk, A.16 IR.
TSC CC1, CC6, CC7, CC8, CC9 addressed. Audit trail, change mgmt, vendor risk register, IR playbook in place.
AC, AU, IA, SC, SI families. AU-9 tamper-evident logs verifiable live above.
Right to access + export + erasure available from your Profile. 72h breach notification process documented.
12+ char minimum, blocklist against known breaches, no forced rotation, MFA-like passwordless magic-links.
Every document is signed with a SHA-256 fingerprint — verify what you got is what we published.
All 8 docs bundled into one PDF with a cover page, table of contents, per-doc SHA-256 manifest, audit-chain head, and the PGP fingerprint for verification. Regenerated whenever a source doc changes.
Same 8-doc bundle, plus a recipient page + faint per-page watermark with your email and a unique tracking token. The token also lives invisibly in the PDF metadata so we can attribute any later leak back to the original recipient.
Full risk register at VENDOR_RISK.md (above).
| Vendor | Purpose | Tier | Residency | DPA | SOC 2 |
|---|---|---|---|---|---|
| Stripe | Payment processing | T1 | US (EU replicas) | ✓ Signed | Type II |
| Hostinger | Transactional email (SMTP) | T2 | EU (Lithuania) | ✓ Signed | In progress |
| AWS | Inference + storage | T1 | Tenant-chosen | ✓ Signed | Type II |
| Cloudflare | CDN + WAF + TLS edge | T3 | Global edge | ✓ Signed | Type II |
SOC 2 letter + DPA + pen-test summary — sent on request. Email security@vigilantentities.com with your procurement team's CISO copied.
Full-screen, push-ready, opens in one tap. No App Store needed.