Security & Data
- TLS (HTTPS) everywhere; secure cookies
- RBAC with least-privilege defaults
- Password hashing (argon2id or bcrypt via password_hash)
- Per-tenant data separation at the DB layer
- Audit log of admin actions
- Backups encrypted at rest; restricted access
Reliability
- Daily off-box backups (14/30-day retention configurable)
- Operational status page (coming)
Roadmap
- SSO/SAML, IP allowlists
- Webhooks and fine-grained API tokens