Security posture

A narrow pilot with narrow data.

Catalog Recall Monitor is designed to review redacted product rows against official CPSC recall records. The safest file is a small CSV with product title, brand, category, SKU, model, UPC, and product URL only.

No customer data requested · CPSC-only pilot source · Human-reviewed output

Trust boundaries

1. Data minimization

Send product rows only.

The workflow does not need customer names, emails, addresses, orders, payment records, contracts, wholesale costs, margins, passwords, API keys, or full databases.

2. Preflight

Unsafe files stop before scanning.

The intake path checks for sensitive-looking columns and values before recall matching. Files with obvious private data are rejected for cleanup first.

3. Source-backed

Every match needs evidence.

Buyer-facing matches include official CPSC source links and conservative wording. Fuzzy text evidence goes to manual review, not automatic suppression.
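
An added example, not the product's own code, of the kind of intake check described under Preflight: it allow-lists the seven columns named in the data scope and scans values for email-like strings and Luhn-valid card numbers. The sensitive header terms, the regexes, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re

# Allowed columns follow the page's data scope. The header terms and value
# patterns are assumptions for illustration, not the product's actual rules.
ALLOWED = {"product_title", "brand", "category", "sku", "model", "upc", "product_url"}
SENSITIVE_TERMS = ("customer", "email", "address", "phone", "order", "payment",
                   "card", "cost", "margin", "password", "api_key")
ID_COLUMNS = {"sku", "model", "upc"}  # long digit runs are expected here
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
CARD = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits):
    """Luhn checksum, used to tell card numbers from arbitrary digit runs."""
    total = 0
    for i, d in enumerate(int(c) for c in reversed(digits)):
        if i % 2:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def preflight(csv_text):
    """Return findings; an empty list means the file may go on to matching."""
    rows = list(csv.reader(io.StringIO(csv_text)))
    if not rows:
        return ["file is empty"]
    headers = [h.strip().lower().replace(" ", "_") for h in rows[0]]
    findings = []
    for h in headers:
        if h not in ALLOWED:
            kind = "sensitive" if any(t in h for t in SENSITIVE_TERMS) else "unexpected"
            findings.append(f"header: {kind} column '{h}'")
    for n, row in enumerate(rows[1:], start=1):
        for h, value in zip(headers, row):
            # Findings name the row and column only, never the value itself.
            if EMAIL.search(value):
                findings.append(f"row {n}: email-like value in '{h}'")
            # EAN-13 values in upc match CARD and can pass Luhn by chance: skip ID columns.
            if h not in ID_COLUMNS and any(
                    luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD.finditer(value)):
                findings.append(f"row {n}: card-like number in '{h}'")
    return findings

# Constructed sample files.
CLEAN = ("product_title,brand,category,sku,model,upc,product_url\n"
         "Infant Lounger,Acme,Nursery,SKU-1001,AL-20,4006381333931,https://shop.example/p/lounger\n")
DIRTY = ("product_title,brand,sku,customer_email,notes\n"
         "Space Heater,Acme,SKU-2002,jane@example.com,paid with 4242 4242 4242 4242\n")
```

Calling `preflight(CLEAN)` returns an empty list, while `preflight(DIRTY)` returns four findings that identify the offending header or row and column without repeating the private value.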

Current controls

What is live now

active
  • Public site hosted on Cloudflare Pages over HTTPS.
  • Domain email authentication passes MX, SPF, DKIM, and DMARC checks.
  • Recall source cache covers full historical CPSC records, not only recent notices.
  • Public demo runs without account creation or private file upload.
  • Report language avoids product-safety certification claims.

What is intentionally not live

gated
  • No automatic takedown, suppression, or customer notification workflow.
  • No account system, team seats, or buyer dashboard during validation.
  • No FDA, EU, UK, Canada, or image-matching expansion in Gate 1.
  • No legal advice, compliance certification, or product-safety guarantee.
  • No payment collection until a buyer explicitly confirms pilot interest.

Verification snapshot

checked
  • Production browser QA passed with 0 failures and 0 warnings on Apr 20, 2026 PDT.
  • CPSC cache check covered 9,761 records from 1973-06-08 through 2026-04-16.
  • Security headers are live: HSTS, nosniff, frame-deny, referrer policy, and permissions policy.
  • The sample PDF is served inline as application/pdf, not as a raw file dump.
  • Security contact is published at /.well-known/security.txt.

Payment boundary: if a paid pilot is approved, payment should run through a hosted Stripe checkout or payment link so card data never touches this site. Stripe setup remains a founder approval step before any paid pilot link is sent.

Low-risk first step

Try the public demo before sending anything.

The public demo shows the decision flow without private data. If it maps to your workflow, send a small redacted sample after reviewing the data scope.