Trust and governance
Built for evidence, not overclaiming.
TimeToPoint helps organisations prepare stronger records for review, assurance, payment approval, dispute handling and governance — without pretending to replace auditors, lawyers, certification bodies, or human judgement.
Evidence supports review. It does not replace the reviewer.
TimeToPoint creates clearer evidence records. It does not guarantee legal admissibility, regulatory acceptance, insurance approval, certification outcome, or audit conclusion. That distinction matters: evidence can support review; it should not pretend to replace it.
Evidence should be proportionate.
The goal is not maximum monitoring. The goal is the minimum useful record that allows another party to understand action, authority, review and evidence.
TimeToPoint records work events, not workers. Scope is workflow-bounded by design, not life-bounded by accident.
What TimeToPoint captures
- Action or completion event connected to the workflow
- Authority under which it was performed (Layer 3)
- Scope it was performed within (Layer 3)
- Review point where a human committed (Layer 4)
- Output or outcome that resulted (Layer 5)
What TimeToPoint does not capture
- Keystrokes
- Screen content unrelated to the workflow
- Idle time
- Mouse movement
- Webcam frames
- Browser history
- Anything that observes the person rather than the work
This is a product position, not just a default setting. TimeToPoint is not designed or sold as a people-monitoring system.
AI-assisted work still needs human accountability.
TimeToPoint records where human review, approval, escalation, correction, or acceptance occurred (Layer 4) — so the organisation can see where judgement entered the workflow. The record makes human review legible. It does not replace it.
Stronger evidence beneath existing assurance, not instead of it.
TimeToPoint can support internal audit, risk review, advisory delivery, AI-governance readiness, procurement review, and finance approval by producing clearer records underneath those processes. It does not replace the assurance process. It strengthens the evidence layer beneath it.
Built for the underwriting question and the claim review.
Insurance carriers underwriting AI E&O / D&O / Fiduciary are increasingly asking AI deployers what evidence they retain — at policy inception (underwriting condition) and at claim (defence material).
TimeToPoint evidence packs can be configured to align with AI-related exclusion carve-out questions, AI E&O underwriting question sets, and affirmative AI cover evidence requirements.
Retention defaults to 6 years (UK FWA / ISO 42001 alignment); longer retention on carrier request.
Annex A controls map to Attribution Stack layers.
A.6 → Lifecycle
Layers 1, 3, 5
A.7 → Data
Layer 1 + retention
A.8 → External parties
SKU 5
A.9 → Use
Layers 2, 3, 4 + autonomy phase
A.10 → Third-party
Per-vendor export
For ISO 42001 certifiers, see Assurance Partners.
Tier A site posture, applied throughout.
Jurisdiction
UK / EU. GDPR + UK GDPR + PECR. APPI for JP visitors.
Data
PII minimised by default. PII handled only where the workflow requires it, with explicit data-protection impact assessment.
Security
CSP rollout, SRI on third-party scripts, honeypot + rate-limit anti-spam. No CAPTCHA (WCAG 3.3.8).
Accessibility
WCAG 2.2 AA. UK Equality Act 2010. EN 301 549.
Hosting
UK / EU data centres. Data residency configurable.
Retention
6-year default, configurable per workflow class.