Security

Encryption in transit (TLS) and at rest. Access via RBAC and audited actions.

TLS 1.2+ enforced; keys rotated regularly.

Per‑role permissions; SSO optional; 2FA recommended.

Audit logs retained 90 days with export on request.