Launch readiness
Controlled beta. Public paid onboarding is not enabled.
- Operator
- Not configured
- Operator address
- Not configured
- Privacy contact
- Not configured
- Support contact
- Not configured
- Privacy contact verified
- Not configured
- Offer
- Not configured
- Price
- Not configured
- Payment mode
- Not configured
- Checkout URL
- Not configured
- Payment contact
- Not configured
- Security check
- Not configured
- Beta access gate
- Not configured
- Analysis event log
- Not configured
- Raw text in server log
- Not configured
- Event log retention
- Not configured
- API rate limit
- Not configured
- Public operator name is missing
- Public privacy contact is missing
- Public offer name is missing
- Public CHF offer price is missing or invalid
- Public payment mode is missing
- Public Turnstile site key is missing
- Turnstile secret key is missing
Controller and contact
The MVP is operated under the Delivlog project for the
nebenkosten.delivlog.com subdomain. During controlled
testing, privacy requests should be sent through the same access or
support channel that provided the MVP link.
Before open paid onboarding, the operating legal entity and a public
privacy contact must be configured and published here.
Purpose
The service processes the information you enter only to create a
Swiss rental ancillary-cost triage result, missing-evidence list,
review signals, a draft clarification letter, and a replay file that
lets the same case be rerun locally.
Data you provide
- Case fields such as canton, billing year, and payment model.
- Cost-line amounts, allocation labels, and readiness checks.
- Text extracted from searchable PDFs or typed into the note box.
- Human correction or missing-context notes entered before triage.
Browser-side document handling
Searchable PDF and text extraction runs in your browser before the
triage request is sent. Scanned or unreadable PDFs are marked as
requiring OCR and are not treated as automatically read.
Security check
Public triage requests can require Cloudflare Turnstile before the
packet is submitted. The browser receives only a public site key.
The server validates the one-time token before processing the case.
Server processing
When you run triage, the structured packet and extracted text are
sent to the Cloudflare Pages Function at /api/analyze.
The current MVP returns the result directly and does not create a
customer account.
Production stores a metadata-only analysis event log for operations,
auditability, and harness quality review. Metadata mode records the
analysis ID, input signature, case summary, document-text length,
findings, and harness status. It does not store raw document text in
the server event log. The current production retention period is
90 days.
The API also applies a short-window rate limit using a hashed
request identity. Rate-limit records store counters and a hashed
key, not raw IP addresses.
Controlled beta deployments can require an access code before
triage. Access codes are checked by the server and removed before
analysis, replay export, or server event logging.
Infrastructure providers may process technical request metadata,
security logs, and operational logs according to their platform
controls.
AI provider use
The default harness mode is disabled. Test audits can use a local
deterministic mock. External provider mode is only used if a
production provider secret is configured and the request explicitly
asks for provider mode.
AI harness output is supplementary. It must not decide payment,
predict an authority outcome, or replace the deterministic review
packet.
Replay files
If you download a replay log, it can contain the case fields,
extracted document text, correction notes, and analysis result.
Treat replay files as case data and store or delete them accordingly.
Data minimisation
Enter only rental ancillary-cost information needed for this review.
Do not enter unrelated health, criminal, tax, banking, employment,
family, or identity documents.
Your choices
- You can avoid uploading files and paste only relevant excerpts.
- You can remove names, account numbers, and unrelated identifiers.
- You can decide whether to download and keep a replay file.
- You can stop before running triage if you do not accept this handling.
Deutsch
Diese MVP-Version verarbeitet eingegebene Dokumenttexte und Notizen,
um ein Nebenkosten-Pruefdossier und eine Replay-Datei zu erstellen.
Durchsuchbare PDFs werden zuerst im Browser ausgelesen. Beim Start
der Triage wird das strukturierte Dossier an /api/analyze
gesendet.
Es wird kein Kundenkonto erstellt. Die Produktion speichert ein
Metadaten-Protokoll zur Analyse fuer 90 Tage, aber keinen rohen
Dokumenttext im Server-Protokoll. Replay-Dateien koennen Dokumenttext
enthalten und sind als Falldaten zu behandeln. Geben Sie nur
Informationen ein, die fuer die Nebenkostenpruefung erforderlich
sind.
Die API verwendet zudem eine kurzfristige Ratenbegrenzung mit einem
gehashten Anfrage-Schluessel; rohe IP-Adressen werden in diesen
Rate-Limit-Datensaetzen nicht gespeichert.
Kontrollierte Beta-Versionen koennen einen Zugangscode verlangen;
Zugangscodes werden vor Analyse, Replay-Export und Server-Protokoll
entfernt.