Autonomous SDLC Governance

Prodia operates a Governed Autonomous SDLC Platform. The platform proposes, evaluates, and — where authorised — assists in delivering changes to software. This statement sets out, as a contractual allocation of responsibility, what is reserved to Prodia and what remains with the customer.

1. Human accountability

Prodia proposes changes. Customers (through their designated approvers) remain responsible for approving those changes, for deploying them to any environment under their control, and for operating the resulting software in production. Approval is a substantive act of human judgment, not a formality.

2. Repository ownership

• Repository owners remain responsible for the integrity, configuration, branch protection, secrets management and access control of their repositories.
• Customers configure the scope of agent access (read, propose, merge, deploy) and may reduce or revoke that scope at any time.
• Where Prodia is granted merge or deployment privileges, those privileges are exercised within the customer-configured policy envelope only.

3. Deployment responsibility

• Customers determine which environments are production, which pipelines are authorised, and which gates apply.
• Prodia does not assume responsibility for business outcomes, financial outcomes, regulatory outcomes, safety outcomes or reputational outcomes arising from generated outputs adopted by the customer.
• Customers are responsible for monitoring deployed systems, for incident response, and for compliance with applicable law in the jurisdictions in which they operate.

4. Safety-critical and regulated workloads

Customers operating in safety-critical, life-critical, rights-impacting or regulated domains (including but not limited to medical devices, aviation, automotive, energy, rail, financial services, public administration and defence) must layer their own regulatory controls, independent verification and human review on top of Prodia's controls. Prodia's controls are necessary but not sufficient in those settings.

5. Reversibility and rollback

• Every action of production effect is reversible within a documented rollback window.
• Rollback is initiated by authorised customer personnel and is supported by Prodia.
• Rollback does not extinguish customer obligations to notify affected users, regulators or counterparties under applicable law.

6. Audit and evidence

Prodia provides explainability records, evaluation results, falsification outcomes and audit logs sufficient for the customer to evidence its own compliance posture. Retention is governed by the Data Retention & Deletion Policy.