Data security & privacy
Domain separation (compliance vs. business).
At‑rest AES‑256; in‑transit TLS 1.2/1.3; row‑level encryption; KMS/HSM rotation.
RBAC/ABAC least privilege; all access logged; immutable audit logs; Merkle‑anchored reconciliation batches.
CSIRT and RACI with 72h privacy breach notifications.
Last updated