Security & Compliance Overview
- Hosting: U.S.‑only by default; self‑hosting available. No tracking/telemetry.
- Access Control: Role‑based permissions; least privilege.
- Transport/Storage: TLS in transit; encrypted storage at rest (AES‑256 where supported).
- Backups: Daily snapshots; 30‑day retention by default (configurable).
- Logging: Access & admin actions; configurable retention.
- Isolation: Separate environments for dev/staging/prod where appropriate.
- Recovery: Runbook with RPO/RTO targets documented in SOW.
- Compliance: HIPAA/ABA readiness patterns available upon request.
