TargetSpace Labs is at the pre-pilot stage. The only data this site handles today is pilot application intake — and our security posture is scoped to exactly that. As the program grows, the posture grows with it, and this page will say so plainly.
Organization name, contact information, a description of the system you want evaluated, and any constraints you tell us about. That is the entire inventory. No product data, no end-user data, no file uploads — the application form does not accept them.
We do not receive or store raw participant or end-user data through this site. We do not sell or share application data with anyone. And no application is accepted or rejected automatically — every one is reviewed by a person.
The site is static-first with one intake endpoint. Less machinery means less to secure and less to fail.
The site is served as static pages on Cloudflare Pages; the application intake runs as a Cloudflare Worker. There is no traditional server to patch or expose.
Application submissions are stored in Cloudflare D1, a managed SQLite database scoped to intake records only.
The administrative interface sits behind Cloudflare Access with an additional token gate — two independent checks before any submission can be read.
All traffic to targetspace.ai is encrypted in transit. There is no unencrypted path to the site or the intake endpoint.
Where request logging is enabled at all, it records a salted hash of the IP address rather than the address itself. We keep what abuse prevention needs and nothing more.
No analytics scripts, no advertising pixels, no cross-site trackers. Your visit here is not an input to anyone's dataset.
Real pilot evaluations never run through this website. They run under a separate agreement, negotiated per engagement, before any evaluation data exists.
Each pilot agreement covers consent design for the study cohort, data-processing terms, and — where a partner requires it — federated or on-premises execution so raw evidence never leaves the partner's environment. Evaluation data is deleted on completion of the engagement. The exported artifacts of an evaluation are sealed forecasts and aggregate metrics — not raw evidence.
If you find a vulnerability in this site or its intake infrastructure, we want to hear about it. Write to security@targetspace.ai with enough detail to reproduce the issue. Responsibly reported issues are welcome, and we will acknowledge and act on credible reports.
This page describes current practice at pre-pilot stage and will be expanded with formal certifications as the program matures.
Data-processing terms, consent design, and execution options are settled per engagement, before any evaluation begins. Ask us anything before you apply.