Why provenance is a feature, not a compliance checkbox

Most B2B-data vendors treat data provenance as something they show to lawyers. The customer-facing surface says "1,000,000+ contacts" and that is the end of the conversation. You import the file into Salesforce, the company name in Salesforce becomes the company name, and a year later you have a CRM full of merged, contradictory records with no way to tell which one is right.

Provenance fixes this. When every field carries the source it came from and the date we last verified it, your CRM can do something useful: it can refuse to overwrite a field with a stale value, and it can flag fields that have not been refreshed in N days.

Kestrel emits provenance per field on every response: source name, source URL, legal basis, captured timestamp, last-verified timestamp. The HubSpot and Salesforce connectors write provenance into custom properties (kestrel_source_X, kestrel_verified_at_X) so your sales ops team can build "field health" dashboards.

In practice this collapses your refresh budget. Instead of running a quarterly bulk enrich across 200,000 records (expensive, noisy, half the records have not changed), you run a daily refresh of 5,000 records whose verified_at is more than 60 days old. The cost drops 80%, the CRM stays clean, and your sales team stops asking "is this address current?"

The compliance benefit is incidental. The CRM benefit is the business case.