Thank You and Next-Step Router
The expanded DEFONEOS thank-you page: reference handling, buyer-safe next steps, owner-gated fulfilment, public links, and honest onboarding status after a form, waitlist, investor, or checkout signal.
What happens next
This thank-you page converts a form submission or successful checkout into a precise owner-and-buyer path. It should reduce confusion after a high-intent action.
- Investor or partner contact: Nick responds personally within 48 hours after verifying the request.
- Demo request: JEEVES prepares the evidence-room bundle and a 20-minute technical validation agenda.
- Waitlist: the contact is added to the low-frequency useful-update cadence.
- Payment or pilot interest: onboarding remains owner-gated until Stripe, contract, and buyer route are verified.
- Every path preserves opt-out, minimises personal data, and avoids sensitive technical exchange on public links.
Reference-number logic
The page reads ref, type, and session_id from the URL. Use that to route the buyer without revealing internal systems.
| URL parameter | Meaning | Action |
|---|---|---|
| ref | Public reference ID | Log to CRM only if consented |
| type=investor | Investor or strategic partner request | Send investor evidence pack after owner check |
| type=waitlist | Low-intent early access | Add to useful-update cadence |
| session_id | Payment or checkout success | Verify Stripe dashboard before provisioning |
| missing fields | Generic thank-you | Ask one clarifying question only if user replies |
Post-submit workflow
Run these checks before any fulfilment.
- Verify the source form and timestamp.
- Check the buyer or partner domain is plausible and not a throwaway address.
- Send only public evidence links until NDA or procurement route exists.
- Do not provision sandbox access until payment, contract, or explicit owner approval is confirmed.
- Log the interaction as DISCOVER, DEMO, PACT, or CLOSED in the CRM.
Copy blocks
Use these exact messages for the three common states.
Demo request received Thank you — I have the request. I will send a short evidence-room link and propose two 20-minute validation slots. Partner request received Thank you — I will review fit against the DEFONEOS public-service and defence-AI route. No exclusivity is implied at this stage. Checkout signal received Thank you — I will verify the transaction and route before provisioning. DEFONEOS access is not active until the owner gate is complete.
Public links after submit
The page should point buyers to live public next steps, not dead anchors.
- Evidence room: /defoneos-mod-evidence-room-index
- Pricing: /defoneos-mod-pricing-card-onepager
- 90-day pilot SoW: /defoneos-mod-meeting-notes-to-sow
- Follow-up sequence: /defoneos-mod-48h-follow-up-sequence
- Customer onboarding: /defoneos-onboarding
Routing matrix by request type
This matrix prevents a useful inbound signal from becoming a generic reply. It tells JEEVES and Nick what to do next without leaking internal engine names to the buyer.
| Inbound type | CRM state | First owner action | Evidence bundle | Do not do |
|---|---|---|---|---|
| Demo | DEMO | Offer two 20-minute validation slots. | Evidence room, demo fallback script, SoW converter. | Do not promise private data integration. |
| Pricing | PILLAR | Send pricing card and ask for procurement route. | Pricing card, 90-day SoW, deal economics. | Do not negotiate below floor in email. |
| Investor | DISCOVER | Verify investor identity and send deck only if credible. | Investor onepager, evidence room, public roadmap. | Do not disclose sensitive pipeline detail. |
| Partner | DISCOVER | Ask whether they are prime, academic, standards, or channel. | Referral partner letter, evidence room, sovereignty page. | Do not grant exclusivity. |
| Checkout | PACT | Verify Stripe, legal entity, and scope before provisioning. | Onboarding page, data boundary, pilot SoW. | Do not auto-provision access. |
Anti-confusion footer for buyers
If a buyer lands here from a link or checkout redirect, they need to understand the boundary immediately.
- DEFONEOS public pages are live evidence and onboarding surfaces.
- Private workspaces, sandboxes, credentials, and procurement submissions are owner-gated.
- The company is CSOAI Ltd, UK company number 16939677.
- The public posture is sovereign by design — audit-grade, signed, neutral.
- Buyer-sensitive information should be exchanged only through an agreed route, not a public page or generic form.
- If the request is urgent, the owner should still avoid making claims not supported by the evidence room.
Internal fulfilment checklist
Run this checklist before telling anyone their request is “complete”.
| Check | Pass condition | Owner |
|---|---|---|
| Reference captured | Ref appears in URL and CRM record. | JEEVES |
| Consent captured | Form source included consent or buyer replied directly. | Owner |
| Identity plausible | Domain, role, and organisation are coherent. | Owner |
| Evidence bundle chosen | One bundle matched to request type. | JEEVES |
| Human gate checked | Stripe, contract, DSP, CE Plus, SC or procurement route verified as needed. | Owner |
| Reply sent | One useful next step, logged in CRM. | Owner |
Buyer-facing FAQ after a thank-you redirect
These answers are safe to expose immediately after a redirect because they avoid false assurance and keep the buyer inside the public evidence boundary.
| Question | Short answer | Next link |
|---|---|---|
| Is my request confirmed? | Yes if a reference is shown. The owner still verifies identity and route before any private action. | CRM entry, not public |
| Can I access the platform now? | Public evidence is available now. Private workspace access is owner-gated. | /defoneos-onboarding |
| Where do I see proof? | The evidence room maps governance, security, commercial, and provenance artefacts. | /defoneos-mod-evidence-room-index |
| How do I buy? | Start with a capped 90-day pilot or validated procurement route. | /defoneos-mod-pricing-card-onepager |
| Can DEFONEOS use my sensitive data? | Not through this public route. Sensitive data requires a separate private route and written boundary. | /defoneos-mod-meeting-notes-to-sow |
| Who owns the reply? | Nicholas Templeman as CSOAI Ltd owner, with JEEVES preparing evidence and drafts. | /defoneos-team |
Minimal analytics without surveillance
The page should help the owner understand conversion without tracking individuals in an invasive way.
- Allowed: aggregate counts by request type, timestamp, source page, and reference prefix.
- Allowed: consented email and organisation when the buyer submits a form.
- Allowed: CRM state changes based on explicit buyer replies.
- Not allowed: fingerprinting, covert cross-site tracking, personal social scraping, location inference, or device-level profiling.
- Retention: keep public-request metadata only as long as needed for fulfilment, accounting, audit, and legal obligations.
- Deletion: remove or anonymise stale low-intent records during the monthly CRM hygiene pass.
Owner escalation ladder
Escalation is about usefulness and risk, not urgency theatre.
| Level | Trigger | Action | Maximum response |
|---|---|---|---|
| L0 | Generic waitlist or newsletter | Add to low-frequency updates. | 7 days |
| L1 | Demo request from plausible buyer | Send evidence room and validation slots. | 48 hours |
| L2 | Public-sector or prime buyer signal | Owner reviews and sends tailored route. | 24 hours |
| L3 | Procurement, security, legal, or investor signal | Owner handles personally; no automation beyond draft. | Same business day |
| L4 | Sensitive data, classified language, or red-line request | Stop automation and require explicit owner review. | Immediate stop |
Buyer trust notes
The thank-you moment is part of the trust architecture. It confirms receipt, prevents false expectations, gives the buyer useful next links, and records exactly what still requires owner action.
- Trust note 1: public evidence is available immediately, private access is not.
- Trust note 2: every request is routed by buyer intent and risk level.
- Trust note 3: the owner can respond quickly without inventing new claims.
- Trust note 4: all high-risk requests stop at the owner gate.
- Trust note 5: every buyer receives a useful next object rather than a generic marketing drip.
12-framework crosswalk
The mapping below is a design and evidence discipline, not a claim of third-party certification.
| Framework | Control mapping | Honesty status |
|---|---|---|
| EU AI Act | Transparency, human oversight, record keeping, post-market monitoring, and high-risk discipline for public-service AI. | Designed. Verify per buyer before external submission. |
| GDPR and UK GDPR | Data minimisation, lawful basis, subject-access path, retention, and no personal-surveillance default. | Designed. Verify per buyer before external submission. |
| JSP 936 | Assurance-case structure, safety evidence, accountable owner, and operational human control. | Designed. Verify per buyer before external submission. |
| JSP 440 | Protective marking, supplier security, secure handling, and public-vs-sensitive separation. | Designed. Verify per buyer before external submission. |
| NIST AI RMF | Govern, Map, Measure, Manage controls connected to buyer onboarding evidence. | Designed. Verify per buyer before external submission. |
| ISO 42001 | AI management system roles, process control, continuous review, and competence evidence. | Designed. Verify per buyer before external submission. |
| NIST PQC | Cryptographic agility path and truthful statement of current vs future signing posture. | Designed. Verify per buyer before external submission. |
| NATO STANAG | Interoperability-compatible language without claiming NATO certification. | Designed. Verify per buyer before external submission. |
| AUKUS Pillar II | Compatibility framing only; no partnership claim without signed evidence. | Designed. Verify per buyer before external submission. |
| OSCAL | Control catalogue, SSP, component definition, and machine-readable audit path. | Designed. Verify per buyer before external submission. |
| Five Eyes export discipline | Public-source and non-controlled data boundary. | Designed. Verify per buyer before external submission. |
| C2PA 2.0 | Content provenance and media-lineage posture for artefacts sent externally. | Designed. Verify per buyer before external submission. |
Honesty register
Explicit bounds for this page.
- This page is public onboarding or thank-you material, not legal advice or official government endorsement.
- No AUKUS, NATO, DAIC, DASA, Dstl, MOD, or Cyber Essentials certification is claimed unless separately evidenced.
- No kinetic-targeting, kill-order, find-fix-finish, personal-surveillance, face-recognition, or phone-location pattern is included.
- DEFONEOS-SEAL is not issued here and requires BFT quorum plus owner gate.
- Public links only. Buyer-specific sensitive data must not be pasted into this page.
- Generated 2026-07-11T08:07:40Z. File slug defoneos-thanks.