Rights, privacy, and provenance — kept visible.
Every Blueprint world model is built from a real place, with readable proof of where, when, how, and under what rights it was captured. The trust details are product surfaces, not promises.
Four gates
Every world model passes the same four gates.
Each gate is a readable record a buyer can check before they treat a site as usable.
Rights
Rights class, export entitlements, and sharing limits are attached to the listing and manifest — not inferred from copy. A buyer reads what is licensed before access.
Privacy
Records identify whether privacy processing ran, whether raw media is retained, and what stays visible or exportable. Restricted, private, and employee-only areas are out of scope by default.
Provenance
Facility identifier, capture timing, freshness state, approval path, and proof depth travel with the world model so a site is treated as current only when it actually is.
Scope limits
Hosted sessions separate what is launchable, what stays human-gated, and which outputs are examples versus confirmed exports. Generated media is labeled review support.
What stays attached to a listing
Illustrative values · not a live record
Six commitments we hold on every world model.
We show proof depth, freshness, and commercial status on every listing before access.
We keep rights, restricted zones, and export scope attached to the manifest, not the marketing.
We separate public proof from example UI in every hosted-access surface.
We label generated and simulated media as review support, never as real-world proof.
We frame policy comparison as rank fidelity and predicted success — never a deployment guarantee.
We honor takedown, refresh, redaction, and revocation requests on the published timeline.
Hard limit