Sign In Get API Key

HydroSig ― Road-to-Closed-Beta (target 30 Sep 2025)

Phase 0: Foundations (done)

Window (calendar)	Key work-streams	Exit criteria
14 Jul – 28 Jul 2025	Core team in seat (backend, ML, DevOps, product/compliance) Dual-region GKE cluster + Postgres & Cloud Storage stood up Monorepo skeleton for scanner, router, audit & portal Estonia OÜ entity registered	Infra can run hello-world service and CI pipeline; legal entity ready for contracts

Phase 1: MVP surface-level detection

Window (calendar)	Key work-streams	Exit criteria
29 Jul – 30 Aug 2025 (Sprints 3-6)	Overlay OCR, C2PA manifest reader, Stability latent decoder Router service + public POST /scan endpoint & TypeScript SDK Audit log stores signed verdict JSON in Postgres/Blob	Definition of done: ≥95 % precision/recall on overlay & C2PA samples; p95 latency < 1 s for <5 MB images

Phase 2: Closed-beta hardening

Window (calendar)	Key work-streams	Exit criteria
01 Sep – 30 Sep 2025 (Sprints 7-8)	Security – SOC 2 Type I controls drafted, external pentest kick-off UX – Next.js dashboard (manual upload, verdict history, PDF download) Reg presets – schema=SB942 macro bundles all mandatory checks Tamper detection – perceptual-hash / SSIM for crops & re-saves SLA layer – throttle so gateway adds ≤250 ms even when upstream APIs hit rate-caps Design-partner programme – sign 5 logos (ad-agency, DAM, e-commerce CMS, newsroom, law-firm)	All beta design partners on-boarded & scanning ≥2 M images in 60-day pilot Dashboard reports 99.9 % uptime across a 7-day soak test Pentest high-/critical findings remediated

Work-back schedule to hit 30 Sep gate

Week #	Calendar	Milestones
W 0	05-09 Aug	Finish MVP backlog triage; freeze detection APIs; prep perf harness
W 1	12-16 Aug	Latency hardening & load-test; start dashboard wireframes
W 2	19-23 Aug	Dashboard alpha; perceptual-hash PoC; draft SOC 2 control list
W 3	26-30 Aug	Code freeze MVP; run 95 %/1 s benchmark; open beta wait-list
W 4	02-06 Sep	Dashboard feature-complete; SB 942 preset implemented; pentest scope agreed
W 5	09-13 Sep	External pentest live; design-partner legal paperwork; tamper-detection tuning
W 6	16-20 Sep	Fix pentest findings; SLA stress test (API caps, vendor outage injection)
W 7	23-27 Sep	“Gold” release tag, immutable; run 7-day soak on staging
W 8	30 Sep	Closed-Beta go-live e-mail + onboarding docs to partners

Resources & burn-rate check

Bootstrap stack on Azure Container Apps keeps fixed cloud spend ≈ $17-18 / month at 20 k scans (API Mgt, GPU T4, Postgres B1ms, Event Hub, Blob).

Head-count to Closed Beta remains 4 FTE; cash runway untouched.

Key risks before Beta

Risk	Prob	Impact	Mitigation / Leading indicator
Pentest finds critical RCE	3	5	Daily Snyk + Trivy scans; gate merge on CVSS > 7
Design-partner legal delays	2	4	Use lightweight 2-page pilot MSA; weekly legal follow-up
Latency regressions with larger images	3	3	Continuous k6 synthetic tests; auto-scale GPU job
Vendor API quota caps	2	4	Cache verdicts; exponential back-off & secondary detectors