Nkosi Felix, Senior Data Platform Engineer

Trust, Accessibility, and Privacy

What this website does and does not claim.

Accessibility

Accessibility target: WCAG 2.2 AA. Static accessibility checks are part of this site's verification gate: semantic HTML, keyboard navigation, visible focus states, form labels, skip links, text alternatives, reduced-motion support, and screen-reader-friendly structure.

This is a self-published target, not a certified or independently audited conformance claim; W3C/WAI has not reviewed this site. No accessibility overlay is used -- markup is fixed directly.

WCAG 2.2 AA target

Privacy

This site does not use cookies, behavioral advertising, session replay, fingerprinting, or third-party ad networks. The static frontend is readable without login. The chat endpoint accepts only the question you submit and returns an evidence-checked response. This site does not sell or share personal information.

Full statement: Privacy.

AI / crawler readability

This site is intentionally readable by search engines and AI tools: robots.txt allows public and AI crawlers, llms.txt summarizes the site for language models, ai-index.json provides a machine-readable summary including an explicit "do not infer" section, and proof-pack.json indexes every public evaluation artifact in one file.

Evidence-backed claims

Every factual claim in the evidence-backed chat is checked against a generated, checksummed evidence manifest before it reaches you. Unsupported claims are rejected, not shown. See the Evidence-Grounded RAG Evaluator lab for a full walkthrough.

Claim lifecycle: a hand-authored ledger entry becomes a checksummed manifest entry, is checked by the policy engine at request time, and is either returned as a validated claim or rejected as unsupported. Ledger entry hand-authored Manifest generated + checksummed Policy Engine checked at request time Returned to you Rejected, not shown

Security boundaries

Badge policy

Self-attested badges map to automated checks listed in badges.json and claims-register.json. No legal or third-party certification is claimed (for example: ADA, CCPA, GDPR, PCI DSS, SOC 2, HIPAA, FCRA, GLBA, FTC approval, or W3C certification).

Each chip corresponds 1:1 to an entry in badges.json; hover or inspect a chip to see which automated check backs it.

Scope

This is a personal portfolio and public evidence system. It does not claim active security clearance, degree completion, regulated-service certification, production customer data, or employer-confidential code.