Trust & compliance infrastructure

Verifiable contact channels (pinned)

Canonical routing for licensing, procurement, security, privacy, and legal — designed to reduce phishing and misrouting risk.

Fail‑closed policy

If a message claims to represent MVG but does not route through the published channels below, treat the state as HOLD and report to security@meridianverity.com.

Routing role aliases anti‑phishing

Authoritative role emails

Licensing & pilots — licensing@meridianverity.com
Procurement & acceptance — procurement@meridianverity.com
Security — security@meridianverity.com
Privacy — privacy@meridianverity.com
Legal — legal@meridianverity.com

Expected email domain: meridianverity.com

Contact page security.txt

Machine‑readable mirror‑safe offline

Signed descriptor (for review)

Use the descriptor as a canonical pointer set. In signed releases, authenticity is provided by the pinned fingerprint and the Site Release integrity rail.

Artifacts

/.well-known/mvg-contact.json
/.well-known/mvg-contact.dsse.json

Download descriptor (JSON) Download DSSE envelope

Offline verification (example)

# Obtain pgp.asc and verify the pinned fingerprint first.
# Signed releases publish detached signatures (.asc) for critical pointers.

gpg --import pgp.asc
# Example (signed release only):
# gpg --verify mvg-contact.json.asc mvg-contact.json

If authenticity cannot be established, treat the state as HOLD and contact security@meridianverity.com.