Security and trust

Private evidence, server-side authority, explicit human control.

The pilot architecture is designed for confidential property and resident records. Production approval still requires validation in the selected cloud environment.

A

Tenant isolation

Organization context comes from authenticated membership, every private query is organization-scoped, and negative cross-tenant tests guard endpoints.

F

Private file path

Validated uploads use random storage names and authorized application downloads. Public media URLs are not part of the product.

L

Safer external links

Vendor and recipient bearer tokens are hashed at rest, narrowly scoped, expiring, revocable, rate-limited, and auditable.

H

Human approval

Deterministic blockers control readiness. An authorized reviewer is required before approved delivery.

E

Environment secrets

Provider keys, database credentials, and storage credentials are environment-only and never sent to the browser.

O

Operational evidence

Audit events, versioned statements, backup/restore runbooks, retention procedures, and incident-response steps support accountable operation.

Honest launch status

Pilot-ready and staging-ready. Not production-approved yet.

Before live customer data, the chosen environment must validate private storage policy, database guards, TLS, email authentication, backups/restoration, monitoring, rate limits, secrets, legal documents, and external security review appropriate to risk.

Report a security concern

Do not place tenant records, links, tokens, or credentials in a public issue. A private security contact must be configured before production launch. Until then, production use is intentionally not approved.