Trust Notes

Email and password accounts create a workspace and server-side session token.

Saved reviews, policy selection, workflow decisions, and shared reports persist to the configured product store.

Local mode can run without production secrets, while deployed mode supports a managed database connection.

Stripe checkout, customer portal, and webhook routes are present when Stripe keys and price IDs are configured.

The analyzer runs locally with deterministic checks and includes an optional model-backed structured review mode.

Workspace roles protect billing, policy, workflow, and team-management actions server-side.

Teams can use built-in policy packs plus custom workspace rules.

Add transactional email for verification, password reset, and invite delivery.

Add privacy review for any external model-provider processing.

Add audit logging for approvals, policy changes, and shared reports.

Add formal database migrations and end-to-end coverage for paid self-serve flows.