Continuity and Trust
Every serious private credit buyer asks this question. It's the right question. This page is the answer, in plain language. Procurement and risk committees can read it start to finish in ten minutes.
COVENANT inference runs on dedicated infrastructure under No Human Nearby's exclusive control. If the vendor is impaired, the Sovereignty Preservation Clause activates the dual-jurisdiction software escrow and the Failsafe Activation Continuity Plan keeps in-flight monitoring accessible while you take over operations on customer-provisioned infrastructure. Continuity is mechanical, not a verbal promise.
In a traditional SaaS arrangement, the product lives in a multi-tenant cloud the customer never controls. When the vendor sunsets, the product vanishes, usually with the customer's data and zero recovery path.
COVENANT inverts that exposure with three structural layers:
If every No Human Nearby server went dark on a Tuesday, the read-only continuity window keeps your in-flight monitoring accessible while the dual escrow releases. Your platform team stands up the deposit on customer-chosen infrastructure inside 60 days. The dependency on NHN is severable by design.
Local-first covers operational continuity. Source code escrow covers long-term maintainability. A neutral third party holds a current copy of the product source tree and releases it to paying customers under defined conditions.
Specific trained model weights and proprietary prompt libraries. These are the competitive "how" of the product and remain No Human Nearby intellectual property. The deposited training pipelines give you everything needed to produce your own trained models on your own data if you ever need to operate independently.
A royalty-free internal-use license to the deposited source code for the full duration of your continued operation of COVENANT. Self-hosted operation, internal patching, and continued use on existing or replacement hardware are all permitted. No redistribution rights, no resale rights, no commercial re-licensing.
No Human Nearby. Third-party software escrow through a neutral service runs $1,500 to $3,000 per year. That cost is absorbed as an operating expense, not passed through to customers.
The fund never touches hardware. NHN owns and operates the dedicated infrastructure under our exclusive control; the fund connects via encrypted tunnel from authorized workstations. So what does the EOL Flex Policy actually mean to a fund procurement committee?
Your subscription, on the flat $4,000 monthly rate or any founder-cohort tier, includes automatic zero-downtime compute upgrades at our facility when the underlying Mac hardware ages out. There is no CapEx surprise. There is no fund-side migration window. There is no hardware refresh you have to budget for.
Hardware lifecycle risk lives with NHN. The fund's only obligation is the subscription. Procurement committees can underwrite the spend without modeling a hardware refresh cycle. Founder T1 at $1,449 per year carries the same EOL Flex Policy as the standard $4,000 monthly rate, no tier-based exclusion.
NHN absorbs the early-deprecation risk at our facility. The customer-scoped capacity migrates between generations behind the tunnel; the tunnel session is preserved. Snapdragon X Elite, AMD Strix Halo, and NVIDIA workstation paths are pre-validated on the inference-stack abstraction layer. The fund's contingency plan is a vendor selection question NHN handles, not an architecture rewrite the fund has to run.
The hardest enterprise question is not "what happens if the vendor sunsets" but "what happens during the 60-day transition window." Hosts in the v8 critique flagged 60 days as reading like "operational paralysis" without milestone surfacing. The timeline below answers that directly: 60 days is the END of recovery, not the duration of paralysis. Every milestone has customer-visible action.
| Milestone | What Happens | Customer Action |
|---|---|---|
| T+0 | Trigger event confirmed on the public ledger anchor (heartbeat miss, founder incapacitation, change-of-control event, or explicit founder release). Customer-side alerting fires. | Customer compliance officer receives notification with cryptographic verification reference. Optional: confirm trigger directly via public ledger query. |
| T+24 hours | Read-only continuity window opens. In-flight covenant monitoring stays accessible on the existing tunnel endpoint in read-only mode. Mid-audit auto-generator captures the frozen state of every active deal-room as an exportable bundle. (Read-only continuity mode is a future-state product roadmap consideration, not a v9 committed capability.) | Customer downloads the auto-generated audit-state bundle to firm storage. Bundle is the bridge to customer-operated stand-up. |
| T+7 days | Sovereign Deadman Switch executes. Cryptographic primitive auto-decrypts the continuity bundle (source code, build pipelines, infrastructure provisioning recipes, regional-node IP allocations, ready-to-import data-volume snapshots, cryptographic keys). All deposited assets are now in the customer's hands. | Customer's platform team retrieves the deposit using the long-term keys escrowed in the enterprise contract. Engaged contracted stand-up services bench begins parallel work if customer elected the contract option. |
| T+30 days | Customer-provisioned infrastructure stand-up complete. Deposit's terraform / ansible procedures provision the platform on customer-chosen infrastructure (cloud, colo, or on-premises). Reference deployment runs end-to-end on a single Apple Silicon developer machine for validation. This is import-and-cutover, NOT "build a data center while the building is on fire" the regional-node IP allocations and data-volume snapshots ship in the T+7 deposit. | Customer's platform team or contracted stand-up services bench runs the included playbooks. 8 to 14 calendar days of focused work for a competent platform team. |
| T+60 days | Cutover complete. Customer-operated COVENANT is fully independent of NHN. Customer holds the source, the build pipeline, the cryptographic keys, the audit logs, the deployment runbooks. | Customer reviews the parallel run between original and customer-operated environments, makes the cutover call, decommissions the original tunnel. |
60 days is the end of recovery, not the duration of paralysis. The T+7 dual escrow ships deployable images, runbooks, regional-node IP allocations, and ready-to-import data-volume snapshots. T+30 is import-and-cutover, not "build from scratch."
If any of the named triggers fires, the dual-jurisdiction deposit (US primary plus customer-elected secondary in Switzerland or the Channel Islands) is operationally complete. A customer's platform team or a competent engineering contractor can stand up an independent customer-operated environment from the deposit alone:
Private credit funds employ analysts, not DevOps engineers. That is why the deposit is operational, not just legal: the included reference deployment runs end-to-end on a single Apple Silicon developer machine for validation purposes, and the full operational runbook lives at /escrow-runbook.
If you ever choose to migrate off COVENANT, you take your data with you. Full covenant tracking history exports as structured JSON and CSV. Lender graphs export in standard graph formats (GraphML, DOT). Historical covenant test outcomes. Portfolio company metadata. Full audit trail.
No proprietary binary formats. No vendor-specific encoding that would require No Human Nearby tools to read the data back. Data schemas are publicly documented.
For customer-initiated migrations, No Human Nearby provides a one-time export package at no additional charge: complete data export, schema reference document, and a 30-day support window for integration questions.
What happens to my portfolio monitoring if No Human Nearby goes out of business tomorrow?
The Failsafe Activation Continuity Plan executes. Read-only access to in-flight monitoring continues for the first 24 hours. Within 10 business days, both legs of the dual-jurisdiction escrow release source, build pipelines, infrastructure recipes, and cryptographic keys to active paying customers. Within 60 days, your platform team is operating COVENANT on customer-provisioned infrastructure. The dependency on NHN is severable by design.
Can I audit the escrow deposits to verify they are complete and current?
Yes. Standard software escrow contracts include customer audit rights. No Human Nearby accepts customer audit provisions for escrow verification as part of the contract.
What if I want to stop using COVENANT for my own reasons, not vendor-driven?
You export your data in open formats, migrate wherever you prefer, and the contract terminates cleanly. No data held hostage. No early-termination penalties designed to lock you in.
Are the AI models open or proprietary?
The base models are widely available open-weight models running on your hardware. Training pipelines and fine-tuning recipes are part of the escrow deposit, so you can produce your own trained models on your own data if the vendor relationship ever ends. The specific trained model weights and prompt libraries that ship with COVENANT remain No Human Nearby intellectual property and are not in the deposit.
Is there a named successor if the founder is incapacitated?
No Human Nearby's continuity model does not depend on a single named successor. The escrow release mechanism hands customers full operational control (source code, build scripts, training pipelines, deployment docs) if the vendor is unable to continue. For intellectual property succession, applicable inheritance law applies. Escrow plus standard legal succession is more durable than a single named human, who could themselves become unavailable at any time.
For customer-specific escrow language, contract addenda, or procurement review packages covering this framework:
Email: enterprise@nohumannearby.com
A pre-signature draft of the continuity clauses is available on request.