Your log says
REJECTED
Status 130 · "Declined"
vs
Provider reality
CAPTURED
€2,461.19 · Fee €34.71
€2,461 charged — should not exist after REJECTED
Webhook "succeeded" sent to merchant
€2,426 settled two days later
Leaking: €2,461.19...
Prove your boundaries.
Before consequences do.
Consequence accounting for rejected actions

2,500 transactions scanned. 243 rejections. Results:

PAYMENT
€17,062

14 charges captured after rejection

CARRIER
14

Webhooks "succeeded" sent after failure

COST
€242

Fees charged on rejected transactions

ACCOUNTING
€5,881

Settlements on rejected transactions

229 boundaries held. 14 didn't. Without BOUNDA, all 243 look identical in your logs.

Synthetic Worldline-format dataset · CPU-only · Deterministic

txn_000165 — a boundary that didn't hold

05:47:27
TIMED_OUT — 3DS_FAILURE, Stripe, NL
05:47:28
€2,461 captured. Should not exist.
05:47:31
Webhook "succeeded" sent to merchant
+2 days
€2,426 settled — batch_4439
CFOYou book rejected transactions at zero. Some cost money.
CTOYour system returned DENIED. The provider charged anyway.
CISOAccess was revoked. The token is still alive.

Pick a surface. See what BOUNDA finds.

Real method, synthetic data. Gaps, exposure, persona views, invoice.

What you get.

Not dashboards. Not alerts. Proof objects you can share, audit, and act on.

Gap Certificate

Proves which rejection leaked and what consequence was born.

Zero-Delta Certificate

Proves a rejection held. Nothing born. Auditor-ready.

Reality Budget

Financial exposure: MEASURED, DERIVED, or MODELED. No overclaim.

Evidence Pack

Merkle-sealed, SHA-256, replayable. Verifiable offline by third party.

Action Plan

Fix actions per gap. READY_FOR_REVIEW. Never auto-executed.

Check. Prove. Close. Hold.

Four steps to proven boundaries.

01

Check

Upload logs. BOUNDA maps each decision to its real consequences.

02

Prove

Each boundary verified against provider reality. HELD or BREACHED.

03

Close

Fix what leaked. Refund candidates, webhook filters, gate rules.

04

Hold

Monthly re-scan. Regression alerts. Board-ready report.

Before and after: one boundary.

Today
DECLINE
→ provider.create()
→ object EXISTS
→ fee CHARGED
→ webhook SENT
With Boundary Gate
DECLINE
BOUNDA GATE
→ provider.create() BLOCKED
→ fee ZERO
→ webhook HELD

The missing layer in your stack.

Your tools monitor, control, and log. None prove the rejection worked.

SIEMshows what happened
IAMcontrols who can act
Monitoringshows uptime
Policy enginesays what's allowed
BOUNDAproves rejection worked

What's your hidden exposure?

Estimate in 10 seconds.

If 1% of rejections leak a consequence
€960,000/yr

Modeled, not claimed as loss

Your data stays yours.

Your logs stay in your browser. Nothing is transmitted.

Need more? BOUNDA Desktop runs on your machine. BOUNDA Shield runs in your VPC. See deployment options →

BOUNDA never needs

  • Raw payloads
  • Customer names or PII
  • Secrets, tokens, API keys
  • Full IP addresses
  • Business content
  • Production access

BOUNDA only needs

  • Decision column (status/result)
  • Consequence signals
  • Timestamps
  • Amounts (can be banded)
  • Provider identifier
  • That's it

What anonymization looks like

Your file
txn_abc123
John Smith
€2,461.19
Stripe
sk_live_4eC39H
What BOUNDA sees
hash_7f2e9a
[redacted]
band_2000-3000
provider_1
[removed]

CPU-only · Sovereign EU · Offline-capable · DORA / NIS2 ready

Free check. Pay only for proven gaps.
Subscribe to keep surfaces clean.

Boundary Check

€0
Always free
  • Boundary Score
  • HELD / BREACHED verdict
  • 3 gap examples (masked)
  • Missing receipts list
  • Clean certificate if held

Boundary Proof

€490
Only if breached
  • Complete gap list
  • Transaction timelines
  • Reality budget
  • Executive views
  • Evidence pack (Merkle)
  • Fix direction

Boundary Hold

€990/mo
Per surface
  • Monthly re-scan
  • Fix tracking
  • Regression alerts
  • Board report
  • Monthly Close
  • Success fee on savings

Boundary Shield

From €15K/yr
Enterprise + Gate
  • Multi-surface
  • Boundary Gate
  • On-prem / VPC
  • Control Blueprint
  • DORA packages

No breach, no fee. Breach found: a small share of what we saved you. Capped at 15%.

Common questions.

Is my data sent to your servers?

By default, no. The online scan anonymizes everything in your browser. BOUNDA Desktop runs locally. Shield runs in your VPC. You always choose what crosses your perimeter.

What if nothing leaks?

You get a free Clean Certificate proving your boundaries held. That's valuable for audit, compliance, and board reporting. BOUNDA doesn't need you to have a problem.

Is this compatible with DORA / NIS2?

The Evidence Pack is Merkle-sealed, SHA-256 verified, and replayable by third parties. It doesn't replace your auditor, but it gives them the proof they need.

Can I run it fully offline?

Yes. BOUNDA Desktop and Shield both work without internet. Evidence Packs are generated and verifiable locally.

What if my verdict is WATCH?

WATCH means signals detected but not proven. BOUNDA tells you the exact next document to add — for example "upload webhooks.csv" — to transform WATCH into BREACHED or HELD.

Do you execute refunds or corrections?

Never. All fix actions are READY_FOR_REVIEW. Your team reviews and approves every action. BOUNDA proves. You decide.

Prove your boundaries.

Upload a log. See what got through. 60 seconds. Free. Your data stays in your browser.

Boundary Check

Processed in your browser. Raw logs never leave your machine.

Drop CSV / JSONL or click to browse

Max 100MB · Nothing transmitted