Workspace isolation
Private operational data is scoped to the active workspace.
Security
Security overview template
Security documentation is a template and requires review before production rollout.
Scope note: Energiem is an intelligence layer. It is not SAP-certified, not an official MaKo gateway, and EDIFACT parsing is beta/analysis-only.
Roles and permissions
Owner, admin, analyst, and viewer roles control upload, export, billing, API key, and settings actions.
Audit logs
Mutating actions and sensitive operations are logged for workspace review.
API keys
Eligible plans can create hashed API keys; full key values are shown only once.
Upload limits
Backend upload size, row count, and date-range limits are configurable.
Rate limiting
In-memory rate limiting exists for MVP; Redis or platform-level rate limiting is still required before public launch.
Storage and providers
PostgreSQL stores workspace data. Stripe handles billing when configured. Resend or SMTP handles email when configured.
Enterprise preview
SSO/SAML, data retention, connector vaulting, and custom integrations require project-specific implementation.