Last updated: April 2026

Security & trust

High-level trust posture for enterprise and procurement review. Sensitive implementation details are intentionally not published.

Access control and product entitlement gating for protected workflows.
Auditability and manifest verification support in operational workflows.
Environment separation across hosting and API runtime surfaces.
Governed release, preservation snapshots, and rollback discipline for enterprise-facing changes.

Infrastructure summary (non-sensitive)

High-level only; no credentials, internal hostnames, or detailed topology.

Web: Static and SPA surfaces delivered via managed hosting (e.g. Firebase Hosting) with versioned assets and cache-friendly deploys.
APIs: Operational APIs run on managed container runtime (e.g. Google Cloud Run) with TLS termination at the edge.
Data: Application state and audit-oriented storage use managed cloud data services with access controlled by platform identity and product gates.
Operations: Changes to protected routes follow inventory registration, review gates, and snapshot policy (SDP-GOV-3000 family).

Security details are provided for trust transparency and procurement diligence. Full implementation specifics remain restricted.