TrustSecurity
Security
Security docs define the current operating posture for access, secrets,
Purpose
Security docs define the current operating posture for access, secrets, contributors, and AI-generated work. They are not a substitute for a formal security program.
Stages
| Stage | Security posture |
|---|---|
| Now / Founder Preview | No secrets in repo, private-by-default personal data, protected admin/debug surfaces, minimal data. |
| Early Beta | Basic rate limits, Turnstile on risky public forms, error logs, access review, deletion/export channel. |
| Commercial Readiness | Payment webhook verification, audit logs, processor registry, incident runbook, backup/restore drill. |
| Scale / Marketplace | App permission model, Proxied App sandbox policy, multi-tenant isolation, marketplace security review. |
| Long-term Platform | SOC2-like readiness checklist, internal risk register, governance and audit surfaces. |