Security

Access Control

JWT sessions, MFA, owner/admin/manager/agent/viewer roles, and policy checks protect account, CMS, lead, and integration workflows.

Infrastructure

The production deployment uses isolated systemd services, a dedicated PostgreSQL database/user, a dedicated Redis instance, HTTPS, and a separate nginx virtual host.

Data Protection

MFA secrets are encrypted at rest. Sensitive integration secrets are limited to admin-managed settings, and audit logs record account and integration changes.

Monitoring

Health endpoints, smoke tests, alert delivery logs, webhook retry history, and backup scripts support incident response and restore readiness.