Trust & compliance

Security

Access is enforced through authenticated sessions and organization-aware storage policies, not public-link sharing defaults.

Session protection

Signed-in routes require authenticated sessions with role-aware org membership.

Data persistence and visibility are enforced at the data layer to reduce UI-only security gaps.

API keys come from your env or account settings; example pages run locally without remote model calls.

Legal docs: Privacy and Terms.