Security and privacy
Understand access and data boundaries
How Statecraft keeps team data scoped and auditable.
Team authorization
Every protected action resolves the signed-in user, profile, and actual team membership on the server. Client-supplied team identifiers are not trusted for authorization.
Database enforcement
Row-level security limits authenticated reads to verified team membership. Sensitive workflow writes run through validated, rate-limited server routes and are audited.