Utilities intelligence

Security

Security overview template

Security documentation is a template and requires review before production rollout.

Scope note: Energiem is an intelligence layer. It is not SAP-certified, not an official MaKo gateway, and EDIFACT parsing is beta/analysis-only.

Workspace isolation

Private operational data is scoped to the active workspace.

Roles and permissions

Owner, admin, analyst, and viewer roles control upload, export, billing, API key, and settings actions.

Audit logs

Mutating actions and sensitive operations are logged for workspace review.

API keys

Eligible plans can create hashed API keys; full key values are shown only once.

Upload limits

Backend upload size, row count, and date-range limits are configurable.

Rate limiting

Sliding-window rate limiting applies to all auth, analysis, export, and API key endpoints. The Redis backend activates automatically when REDIS_URL is configured; otherwise the limiter falls back to in-memory state for single-instance deployments.

Storage and providers

PostgreSQL stores workspace data. Stripe handles billing when configured. Resend or SMTP handles email when configured.

Enterprise preview

SSO/SAML, data retention, connector vaulting, and custom integrations require project-specific implementation.

Security reports

Report security issues directly.

Send security reports to security@energiem.eu. Do not route security issues to a generic inbox.