Brief — trust.ucca.online

Tiered Knowledge Surface

Date: 13 March 2026

---

SURFACE: trust.ucca.online (new repo — ucca-trust)

DO NOT TOUCH: ucca-engine, ucca-keys, ucca.online, rtopacks.com.au, any existing Workers

---

Objective

A tiered compliance and governance document surface. Every document heading visible to everyone. Access depth controlled by VCC trust level. The trust system governs access to the trust documentation.

---

Infrastructure

• Cloudflare zone: trust.ucca.online — register and configure
• Platform: MkDocs Material (consistent with docs.ucca.online)
• Access control: Cloudflare Access policies mapped to trust levels from engine-db
• Worker: ucca-trust — handles trust level checks, access_requested chain events, ops notifications

---

Trust Level Model

Level	Name	Trigger
0	Public	No auth
1	Verified	Email + mobile confirmed
2	Declared	Trust 1 + intent on record
3	Qualified	Human approval — Tim/Jimmy
4	Partner	NDA executed

---

Document Structure

All headings visible at Level 0. Lock icon + level number beside locked docs.

LEGAL & COMPLIANCE
──────────────────
Privacy Policy                          [open]
Terms of Service                        [open]
Jurisdiction & Governing Law            [open]
Sub-processor Names                     [open]

DATA GOVERNANCE
───────────────
Data Residency Declaration              [lock] 1
Retention & Deletion Schedule           [lock] 1
Encryption Standards Summary            [lock] 1
Sub-processor DPAs (redacted)           [lock] 2
Breach Notification Procedure           [lock] 2
Consent Architecture                    [lock] 2
Data Governance Framework v1.0          [lock] 3
Infrastructure Architecture             [lock] 3
Access Control & Audit Log Policy       [lock] 3
Security Audit Results                  [lock] 4
Penetration Test Summaries              [lock] 4
Key Management Procedures               [lock] 4
Incident History                        [lock] 4

---

Lock Icon

Critical — read carefully.

Line icon only. No fill. No emoji. No rounded friendly consumer padlock. Reference: Padlock_8.svg (provided). Stroke weight 1. Technical instrument aesthetic. Think security panel, 1994. Not iOS settings.

Use the SVG directly. Do not substitute with a system icon or emoji.

---

Lock Click Behaviour

Not logged in (Level 0) clicks any lock:

This document is available at Trust Level [X].

To access it you need a verified UCCA contact record.

[REGISTER AT IR.UCCA.ONLINE]    [I'M ALREADY VERIFIED]

Logged in, wrong trust level:

This document requires Trust Level [X].
You're currently at Trust Level [Y] — [Name].

To progress, request access. A member of the
UCCA team will review your record and be in touch.

[REQUEST ACCESS]

REQUEST ACCESS button: - Appends access_requested chain event (document name, timestamp) - Sends notification to ops console - No form — just the event on the chain - Tim reviews contact record, approves or declines with one click - On approval: trust level updates, document unlocks, contact notified

---

Intent Declaration Screen (Level 1 → Level 2)

When a Level 1 contact visits trust.ucca.online and tries to access a Level 2 doc:

UCCA AUTHENTICATOR
──────────────────

You're verified. Thank you.

To access detailed compliance documentation
we'd like to understand what brings you here.

This isn't a filter. It's a conversation starter.
Your response becomes part of your verified record.

What are you looking to understand about UCCA?

[                                              ]

[SUBMIT AND CONTINUE]

• Text box. No dropdown. No word limit. Their words.
• On submit: appends intent_declared chain event with their text
• Trust level updates to 2
• Document unlocks immediately

---

Footer Replacement (all surfaces)

Replace existing Shopify-style privacy/terms footer links across: - ucca.online - ir.ucca.online - rtopacks.com.au - keys.ucca.online - vcc.ucca.online

With single line:

Compliance and governance documentation available at trust.ucca.online

---

Design Direction

• IBM Plex Mono throughout
• Dark background #0a0a0f (default) with light mode option
• Document headings in white/near-white
• Lock icons in mid-grey — they're present but not alarming
• Level numbers beside locks in same mid-grey
• Unlocked documents render as clean readable text — not a download, inline
• No marketing copy on this surface — purely documentary

---

⚠️ CSS/Layout note

This is a compliance surface. It needs to feel like a legal document, not a product page. Be conservative with layout. No flourishes. No animations except the lock icon transition when a document unlocks (subtle, one-time). Match MkDocs Material base styles. Do not introduce new global CSS. Flag anything that needs adjustment rather than silently fixing it.

---

Phase 1 scope (this brief)

1. Cloudflare zone registered
2. MkDocs structure stubbed with all headings
3. Public layer (Level 0) populated with placeholder legal text
4. Lock icons + level numbers on all locked docs
5. Lock click behaviour wired (not logged in path only for now)
6. Footer replacement across all surfaces

Phase 2 (next brief): CF Access integration, trust level checks, intent declaration, access_requested chain events, ops console notifications.

---

Ready Alex?