Commitments

Promises you can audit.

These are the operating promises behind Shutapp. Publish the numbers. Keep the receipt. Stay model-agnostic. Put real money behind misses.

If a security vendor cannot show what it catches, what it misses, and what it owes when it fails, it is asking you to trust a black box.

01

We publish the numbers

Security claims should not hide behind vague language. We publish detection numbers, evaluation scope, and the cases we know are still hard.

When the model changes, the attack pack changes, or the corpus grows, the numbers should move with it. A commitment without measurement is just positioning.

02

Every decision gets a receipt

A receipt is the proof that something was scanned, shut, restored, or allowed. It is signed, tied to the policy version, and designed to be kept with your audit trail.

That receipt is also how the guarantee works. If there is a covered miss, the receipt is the clean record of what happened and when.

03

Your keys stay yours

Shutapp sits around your LLM call. You keep using OpenAI, Anthropic, Gemini, your own model, or the next provider you switch to.

We do not need your provider key. We do not route you through a locked model stack. The control layer should move with you.

04

We put money behind misses

Paid tiers include a damage guarantee because security vendors should carry part of the risk they ask customers to trust them with.

The guarantee is not a slogan. It is connected to receipts, coverage, policy, and the tier you bought.