EU AI Act Article 50 — 20 days to seal | Get passport
Post-submit owner gate

Thank You and Next-Step Router

The expanded DEFONEOS thank-you page: reference handling, buyer-safe next steps, owner-gated fulfilment, public links, and honest onboarding status after a form, waitlist, investor, or checkout signal.

4routes
48howner response target
0auto-provisioning
5public next links
Buyer-safe: this page is written to be sent, bookmarked, and audited. It separates what is live from what remains owner-gated.

What happens next

This thank-you page converts a form submission or successful checkout into a precise owner-and-buyer path. It should reduce confusion after a high-intent action.

Reference-number logic

The page reads ref, type, and session_id from the URL. Use that to route the buyer without revealing internal systems.

URL parameterMeaningAction
refPublic reference IDLog to CRM only if consented
type=investorInvestor or strategic partner requestSend investor evidence pack after owner check
type=waitlistLow-intent early accessAdd to useful-update cadence
session_idPayment or checkout successVerify Stripe dashboard before provisioning
missing fieldsGeneric thank-youAsk one clarifying question only if user replies

Post-submit workflow

Run these checks before any fulfilment.

Copy blocks

Use these exact messages for the three common states.

Demo request received
Thank you — I have the request. I will send a short evidence-room link and propose two 20-minute validation slots.

Partner request received
Thank you — I will review fit against the DEFONEOS public-service and defence-AI route. No exclusivity is implied at this stage.

Checkout signal received
Thank you — I will verify the transaction and route before provisioning. DEFONEOS access is not active until the owner gate is complete.

Public links after submit

The page should point buyers to live public next steps, not dead anchors.

Routing matrix by request type

This matrix prevents a useful inbound signal from becoming a generic reply. It tells JEEVES and Nick what to do next without leaking internal engine names to the buyer.

Inbound typeCRM stateFirst owner actionEvidence bundleDo not do
DemoDEMOOffer two 20-minute validation slots.Evidence room, demo fallback script, SoW converter.Do not promise private data integration.
PricingPILLARSend pricing card and ask for procurement route.Pricing card, 90-day SoW, deal economics.Do not negotiate below floor in email.
InvestorDISCOVERVerify investor identity and send deck only if credible.Investor onepager, evidence room, public roadmap.Do not disclose sensitive pipeline detail.
PartnerDISCOVERAsk whether they are prime, academic, standards, or channel.Referral partner letter, evidence room, sovereignty page.Do not grant exclusivity.
CheckoutPACTVerify Stripe, legal entity, and scope before provisioning.Onboarding page, data boundary, pilot SoW.Do not auto-provision access.

Anti-confusion footer for buyers

If a buyer lands here from a link or checkout redirect, they need to understand the boundary immediately.

Internal fulfilment checklist

Run this checklist before telling anyone their request is “complete”.

CheckPass conditionOwner
Reference capturedRef appears in URL and CRM record.JEEVES
Consent capturedForm source included consent or buyer replied directly.Owner
Identity plausibleDomain, role, and organisation are coherent.Owner
Evidence bundle chosenOne bundle matched to request type.JEEVES
Human gate checkedStripe, contract, DSP, CE Plus, SC or procurement route verified as needed.Owner
Reply sentOne useful next step, logged in CRM.Owner

Buyer-facing FAQ after a thank-you redirect

These answers are safe to expose immediately after a redirect because they avoid false assurance and keep the buyer inside the public evidence boundary.

QuestionShort answerNext link
Is my request confirmed?Yes if a reference is shown. The owner still verifies identity and route before any private action.CRM entry, not public
Can I access the platform now?Public evidence is available now. Private workspace access is owner-gated./defoneos-onboarding
Where do I see proof?The evidence room maps governance, security, commercial, and provenance artefacts./defoneos-mod-evidence-room-index
How do I buy?Start with a capped 90-day pilot or validated procurement route./defoneos-mod-pricing-card-onepager
Can DEFONEOS use my sensitive data?Not through this public route. Sensitive data requires a separate private route and written boundary./defoneos-mod-meeting-notes-to-sow
Who owns the reply?Nicholas Templeman as CSOAI Ltd owner, with JEEVES preparing evidence and drafts./defoneos-team

Minimal analytics without surveillance

The page should help the owner understand conversion without tracking individuals in an invasive way.

Owner escalation ladder

Escalation is about usefulness and risk, not urgency theatre.

LevelTriggerActionMaximum response
L0Generic waitlist or newsletterAdd to low-frequency updates.7 days
L1Demo request from plausible buyerSend evidence room and validation slots.48 hours
L2Public-sector or prime buyer signalOwner reviews and sends tailored route.24 hours
L3Procurement, security, legal, or investor signalOwner handles personally; no automation beyond draft.Same business day
L4Sensitive data, classified language, or red-line requestStop automation and require explicit owner review.Immediate stop

Buyer trust notes

The thank-you moment is part of the trust architecture. It confirms receipt, prevents false expectations, gives the buyer useful next links, and records exactly what still requires owner action.

12-framework crosswalk

The mapping below is a design and evidence discipline, not a claim of third-party certification.

FrameworkControl mappingHonesty status
EU AI ActTransparency, human oversight, record keeping, post-market monitoring, and high-risk discipline for public-service AI.Designed. Verify per buyer before external submission.
GDPR and UK GDPRData minimisation, lawful basis, subject-access path, retention, and no personal-surveillance default.Designed. Verify per buyer before external submission.
JSP 936Assurance-case structure, safety evidence, accountable owner, and operational human control.Designed. Verify per buyer before external submission.
JSP 440Protective marking, supplier security, secure handling, and public-vs-sensitive separation.Designed. Verify per buyer before external submission.
NIST AI RMFGovern, Map, Measure, Manage controls connected to buyer onboarding evidence.Designed. Verify per buyer before external submission.
ISO 42001AI management system roles, process control, continuous review, and competence evidence.Designed. Verify per buyer before external submission.
NIST PQCCryptographic agility path and truthful statement of current vs future signing posture.Designed. Verify per buyer before external submission.
NATO STANAGInteroperability-compatible language without claiming NATO certification.Designed. Verify per buyer before external submission.
AUKUS Pillar IICompatibility framing only; no partnership claim without signed evidence.Designed. Verify per buyer before external submission.
OSCALControl catalogue, SSP, component definition, and machine-readable audit path.Designed. Verify per buyer before external submission.
Five Eyes export disciplinePublic-source and non-controlled data boundary.Designed. Verify per buyer before external submission.
C2PA 2.0Content provenance and media-lineage posture for artefacts sent externally.Designed. Verify per buyer before external submission.

Honesty register

Explicit bounds for this page.