Workspace isolation
Private operational data is scoped to the active workspace.
Security
Security documentation is a template and requires review before production rollout.
Scope note: Energiem is an intelligence layer. It is not SAP-certified, not an official MaKo gateway, and EDIFACT parsing is beta/analysis-only.
Private operational data is scoped to the active workspace.
Owner, admin, analyst, and viewer roles control upload, export, billing, API key, and settings actions.
Mutating actions and sensitive operations are logged for workspace review.
Eligible plans can create hashed API keys; full key values are shown only once.
Backend upload size, row count, and date-range limits are configurable.
Sliding-window rate limiting on all auth, analysis, export, and API key endpoints. Activates Redis backend automatically when REDIS_URL is configured; falls back to in-memory for single-instance deployments.
PostgreSQL stores workspace data. Stripe handles billing when configured. Resend or SMTP handles email when configured.
SSO/SAML, data retention, connector vaulting, and custom integrations require project-specific implementation.
Security reports
Send security reports to security@energiem.eu. Do not route security issues to a generic inbox.