Stage 1: MVP0 Demo

Timeline: Q1 2026 (0-3 months) Purpose: Demonstrate platform capabilities to prospective enterprise clients with real security fundamentals in place.

Executive Summary

The MVP0 Demo is our first enterprise touchpoint. While it won't have formal certifications, it demonstrates that ReGenesis takes security seriously from day one. Key commitments: real encryption (not simulated), working access controls, and provable data deletion with certificates after every demo. This stage establishes credibility with prospects like McKinsey by showing architectural maturity before asking for pilot commitment.

Working Knowledge

What Must Be Real (Not Staged)

These items must actually work in the demo — not just be mentioned on a slide:

1. Encryption: Data encrypted at rest (database encryption enabled) and in transit (HTTPS). If a prospect's security team asks "Is demo data encrypted?", the answer must be a truthful "yes."

2. Access Control: Each demo participant has their own login. Coaches see coach views, clients see client views. The visibility tags (client_visible, coach_only) actually work.

3. Data Deletion: After the demo ends, the platform runs the deletion process and provides a deletion certificate — a document confirming all demo data has been permanently removed. This is a trust signal that resonates deeply with enterprise security teams.

What Can Be Staged (Honestly)

• SSO: "The platform supports enterprise SSO; here is how the integration works" (show architecture, not live Okta)
• Integrations: Upload a transcript file manually instead of live Zoom integration
• AI depth: Sasha can work on pre-loaded content rather than real-time analysis
• Mobile: Not needed for demo; mention it's on the roadmap

Key Documents to Have Ready

• Privacy Policy draft (covers demo data handling)
• Terms of Use (including confidentiality for demo data)
• Security one-pager (encryption, unique logins, deletion commitment)
• Compliance roadmap summary ("SOC 2 Type I planned for Q3 2026")

Recommended Response: "Do You Have SOC 2?"

"Not yet — ReGenesis is building with SOC 2 controls in mind and plans to undergo the Type I audit in Q2-Q3 2026. The architecture and specific controls already implemented are available for walkthrough, along with the compliance roadmap."

This approach is honest, shows maturity, and most enterprise security teams appreciate transparency over overselling.

Technical Spec

---

Exit Criteria

Before moving to Pilot stage, the following must be verified:

• Demo ran successfully with at least one prospect
• Deletion certificate was generated and delivered
• No security incidents during demo period
• Prospect feedback captured for architecture refinement
• Compliance roadmap reviewed and adjusted based on prospect requirements