Security Statement

The current public website uses static content and placeholder forms only. It does not connect to Supabase, authentication, document storage, payment processing, or database migrations.

Visitors should avoid entering sensitive information into placeholder forms.

Future authenticated areas should use role-based access control, protected routes, Row Level Security, private storage buckets, signed document access, input validation, secure error handling, and audit logs.

Secrets should stay in environment variables and should not be committed to the repository.

The platform plan avoids unnecessary sensitive data collection during the prototype. Future document workflows should remain limited until hosting, storage, and access controls are reviewed.