> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cf0.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Citations and audit trail

> Every figure cf0 surfaces traces to the exact filing, page, and section. Threads export as compliance-ready audit trails for IC and regulatory review.

cf0's trust posture rests on one principle: **every quantitative claim has a source, and the source is one click away.** This page covers how citations are generated, how to inspect them, and how to export an audit trail.

## How citations work

For every number Lab surfaces, cf0 stores the source at extraction time. The citation captures:

* **Company and filing type** — e.g. `NVDA · 10-K`
* **Filing date and period covered** — e.g. `filed 2025-02-21, FY2025`
* **Section** — e.g. `Part II · Item 7 · MD&A`
* **Passage pointer** — page and paragraph

For narrative claims (risk factors, MD\&A, transcript excerpts), the cited quote is stored alongside the section header so you can read what the model read.

## Report-grade citations

When you generate a report from a Lab thread, every figure in the PDF carries a **numbered footnote** that resolves to a **Sources Table** in the appendix. Each row in the table includes:

| Column   | What it carries                                   |
| -------- | ------------------------------------------------- |
| `#`      | Footnote number used in the body                  |
| Source   | Title — e.g. "Company Annual Report 2025, Item 5" |
| Type     | Primary, secondary, market data, or transcript    |
| Used for | The body claim(s) it supports                     |
| Link     | Clickable URL to the underlying filing or feed    |

Inline: *"The company's EV market share reached 18% in 2025¹."*
Footnote 1: *Company Annual Report 2025, Item 5. Primary source. See Source #1.*

## Key Assumptions table

Every valuation in a cf0 report is preceded by a **Key Assumptions** table — WACC, growth, terminal multiple, and the inputs each row depends on. Swap an input, see what drives the model. No hidden assumptions.

## Inspecting a citation

In Lab and in reports, citations appear as inline references next to the figure. Click the reference to open the source pane on the right:

* The relevant section opens to the cited passage, with the figure highlighted.
* For tables, the cell coordinates highlight (e.g. row "Free cash flow", column "Q4 FY2025").
* Derived metrics show their derivation explicitly, with each input citation linked.

If a number can't be grounded in a source, cf0 doesn't surface it. See [Guardrails → Refuse to fabricate](/security/guardrails#refuse-to-fabricate).

## Exporting an audit trail

Every Lab thread can be exported as a compliance-ready audit trail. The export captures the full conversation, every tool call and its result, every assumption gate and how it was resolved, every citation with source link, timestamps, and the model version that ran each turn.

<Steps>
  <Step title="Open the thread">
    Find the thread in the sidebar.
  </Step>

  <Step title="Export the audit trail">
    Click the thread menu and choose **Export audit trail** — pick Markdown or PDF.
  </Step>

  <Step title="Pair with the report">
    The polished report goes to the committee; the audit trail survives review.
  </Step>
</Steps>

## Org isolation

* **Org-scoped**: research threads, documents, and reports live within your organisation's workspace. No cross-org visibility.
* **Thread privacy within an org**: thread bodies are user-scoped. Org admins see aggregate activity (counts per member) on the [Dashboard](/workspace/dashboard), never message contents.
* **Authentication**: every session is scoped to the active organisation. Tokens are short-lived (\~1 minute) and refreshed automatically.

## What cf0 will not do

* **No financial advice.** cf0 produces research and analysis. It doesn't tell you to buy or sell.
* **No model-generated math.** Calculations route through deterministic code templates. See [Guardrails](/security/guardrails).
* **No training on your data.** Customer threads, documents, and reports are never used to train any AI model.
* **No uncited claims.** If the model can't ground a figure, it surfaces the gap rather than inventing one.

## Related

* [Data governance](/security/data-governance) — sub-processors, storage, boundaries
* [Observability](/security/observability) — every turn traced
* [Guardrails](/security/guardrails) — defense in depth
