Tenant authorization
Every authenticated read resolves a user membership for the signed workspace; role checks protect Owner, Administrator, and Editor operations.
Security & privacy
Security claims here describe implemented controls. Production posture still depends on the buyer's hosting, secrets, provider approvals, monitoring, and operating procedures.
Implemented controls
Every authenticated read resolves a user membership for the signed workspace; role checks protect Owner, Administrator, and Editor operations.
Provider tokens and webhook signing secrets use AES-256-GCM at rest. API and ingestion keys are one-time values stored only as hashes.
Short-lived signed state, PKCE, an HttpOnly verifier cookie, user/workspace binding, cancellation handling, refresh, and re-auth states.
Public HTTPS only, DNS re-check before delivery, no redirects, HMAC signatures, timeout, bounded retries, and delivery logs.
Workspace export, retention cleanup, provider deletion, account deletion, and explicit workspace deletion are implemented.
Audit records, request IDs, health endpoint, scheduled cleanup, external activation matrix, and incident-response documentation.
Legal boundary
Privacy, cookie, retention, subprocessors, data map, and security documents identify operator-controlled fields and items that require legal review before a commercial launch.
Ready when the data is