Security

Core principles

• • Least privilege by default (RBAC, scoped keys, explicit grants).
• • Separation of concerns (data, logic, interface governed separately).
• • Auditability (logs, traces, decision checkpoints when enabled).
• • Minimized blast radius (tenant boundaries, environment separation).

Operational controls

• • Secrets management (no secrets committed; rotateable credentials).
• • Secure transport (TLS) and modern hosting baselines.
• • Logging for security and reliability (rate limits, abuse prevention, uptime monitoring).
• • Change control (versioning, review, rollback strategy).

Deployment models

• • Client-owned hosting (your cloud / your network controls).
• • Dedicated environments (isolated workloads, controlled access).
• • Hybrid deployments (managed interface layer with client-controlled boundaries).

Responsible disclosure

Report vulnerabilities: hello@ceiba.ai (subject: "SECURITY") with steps to reproduce and relevant logs.