Honesty · Single source of truth

What's shipped.
What's roadmap.
What we won't do.

Every honest disclosure scattered across the site, consolidated. Auditable: every "shipped" item is verifiable on the linked page, every "roadmap" item has a date, every "won't do" is a deliberate choice. If you spot a discrepancy between what we promise here and what we deliver, email honesty@usetheo.dev.

Compliance & audit

Shipped today

  • · DPA template GDPR + LGPD aligned (8 clauses)
  • · Public sub-processor list with region + DPA status
  • · security.txt RFC 9116 published
  • · Annual penetration test commitment in DPA Annex II
  • · Responsible disclosure policy (security@usetheo.dev · 48h ack)

Roadmap with date

  • · SOC 2 Type II — target Q4 2026
  • · ISO 27001 — no committed date
  • · Public pentest report (redacted) — to be published post-SOC2
  • · PGP key for security disclosures — Q3 2026

Won't do

  • · Fake SOC 2 logo before audit completes
  • · Customer logo wall before real customers

Reliability & status

Shipped today

  • · /status page with 7 surfaces
  • · Public incident log on GitHub Issues (label: incident)
  • · SLA 99.9% target declared (Enterprise tier contractual)
  • · Auto-rollback via `theo rollback` (every tier)

Roadmap with date

  • · Realtime status.usetheo.dev dashboard (Q3 2026) — replaces current manual snapshot
  • · Historical uptime percentage (Q3 2026 with the dashboard)
  • · Public post-mortems linked to incidents (today: written for Sev-1; published when first Sev-1 occurs)

Won't do

  • · Claim "99.99% uptime" without historical evidence
  • · Hide incidents behind a private dashboard

Region & residency

Shipped today

  • · Multi-region (EU-West, US-East) — customer-selectable per project
  • · TLS 1.3+ everywhere with HSTS preload
  • · Standard Contractual Clauses (SCC 2021/914) for cross-border processing

Roadmap with date

  • · Região BR (São Paulo) — target Q4 2026
  • · BRL billing + NF-e emission — target Q3 2026

Won't do

  • · Claim BR region before it ships
  • · Bill in BRL before NF-e flow works end-to-end

Platform integration (for platform engineering teams)

Shipped today

  • · Theo-managed GitOps pattern (theo deploy as source-of-truth)
  • · OpenTelemetry-formatted exports to Datadog, Splunk HEC, Elastic, S3, Prometheus federation
  • · REST API on Theo control plane for custom Backstage cards
  • · Template fork model (Apache-2.0 — publish under your org)
  • · BYOC and Self-managed modes named (Enterprise)

Roadmap with date

  • · GitOps-managed pattern (ArgoCD/Flux syncs Theo CRDs) — Q3 2026 Enterprise
  • · OPA/Rego policy admission hooks — Q3 2026 Enterprise
  • · Custom buildpacks (your RUN steps, sidecars, mesh injection) — Q4 2026
  • · Backstage plugin (catalog entity + deploy actions) — Q3 2026

Won't do

  • · Multi-cluster federation across 50+ of your clusters from a single Theo control plane — out of scope (one Theo control plane per cluster instead)

Customer evidence

Shipped today

  • · Design partner program (Round 1 — 10 teams) — public application
  • · Public GitHub org with all OSS funnel repos
  • · Honest "no customer logos yet" disclosure in DesignPartnerInvite

Roadmap with date

  • · Named customer references — when a paying customer agrees to be referenced
  • · Public case studies — when there is a real outcome to write about honestly

Won't do

  • · Invent quotes
  • · Buy logos
  • · Show stock-photo "customers"

Numbers we publish

Shipped today

  • · ~4 min median first-deploy time (Node + Postgres) — verifiable via /changelog
  • · 28 LLM providers · 19 templates · 7 languages — verifiable via GitHub repos
  • · BusinessAutomations ROI math prefixed with "Example:" + "Your numbers will differ"
  • · BusinessComparison footnote: "Compares software/labor cost only for ONE automation"

Roadmap with date

  • · Customer-attributed ROI numbers — when real customers publish their numbers

Won't do

  • · Aggregate customer numbers as marketing material without consent
  • · Cherry-pick a single customer's best-case month as a general claim

Changelog

Audit trail of every change shipped. When a roadmap item ships, it shows up here first.

Report a discrepancy

If something on this page doesn't match what you experience, email honesty@usetheo.dev. We fix it within 5 business days or document why we can't.

This page exists because trust is built by what you don't hide. Last updated: 2026-05-16. If a date passes and we haven't shipped the roadmap item, we'll either update the date with a new commitment or move it to "won't do" with a reason.