Security
Security isn't a feature. It's the product.
Row-level security on every table
Postgres RLS enforces user isolation at the database layer. No app code can bypass it.
API keys hashed at rest
Raw keys are shown once at creation. We store SHA-256 hashes only.
Hash-chain audit ledger
Every risk score links to the previous one via SHA-256. Tampering is mathematically detectable.
MFA + HIBP enforced
Multi-factor authentication and leaked-password screening protect every account.