Read-only review
Use the minimum practical access route that allows the agreed surfaces to be assessed without expanding privileges unnecessarily.
Trust & Access
Statepath should feel safer because the working boundary is explicit: agreed surfaces only, minimum practical access, read-only where possible, careful AI-use rules, and clean closeout.
Access model
Statepath is not built around asking for the broadest access first. The default is to stay narrow, explicit, and proportionate.
Use the minimum practical access route that allows the agreed surfaces to be assessed without expanding privileges unnecessarily.
Temporary or scoped accounts are preferred to broad personal logins, especially where a safer route already exists.
Repos, docs, folders, dashboards, and automations should be named explicitly before review begins.
The route should not quietly widen into "everything you have" when a narrower agreed slice is enough to tell the truth.
Boundary references
The seven-page route stays compact on purpose. This page carries the public handling boundary, while the linked pages carry the matching scope and contact surfaces.
Use the closeout section on this page when the question is data handling, temporary access removal, or what happens after delivery.
Jump to privacy & retention Terms & scope boundaryUse Offer when the question is engagement shape, included work, follow-through limits, or what is intentionally not being smuggled into the first step.
Open Offer boundary Support / contact routeStatepath is not an always-on support retainer by default. Start with the bounded fit-check route and the minimum context needed to judge the next step.
Open Start HereAgreed-surface boundary
This is how Statepath stays bounded and legible instead of drifting into open-ended investigation by inertia.
AI-assisted work boundary
The operating rule is straightforward: AI can help with organisation, drafting, analysis structure, and synthesis, but sensitive material stays under explicit handling discipline.
What not to send early
The safest first step is a fit note, not a casual dump of files, passwords, or sensitive exports.
Privacy, retention, and closeout posture
Operational maturity includes how access is removed, how material is narrowed, and how the boundary stays traceable after the delivery is done.
Track the exact in-scope surfaces and the access route that was actually granted.
Close temporary accounts and remove permissions when the bounded work ends.
Do not keep client material longer than needed for the stated purpose; if retention is needed, keep the reason explicit.
After closeout, it should still be obvious what was reviewed, what was returned, and what was removed.
Next step
Use the linked pages to move from trust to qualification and then into the defined review route.
Send the project, the confusion point, and why the wrong next move matters before any sensitive handover starts.
Open Start HereReview the anatomy of the Truth Audit + Next Route Pack before deciding whether the route fits.
Open Sample OutputSee the scope-lock, access, review, and delivery sequence that keeps the route finite.
Open Process