Privacy & Security

Core controls

  • Role-based access control (RBAC)
  • Encryption at rest and in transit
  • Audit logs for access and changes
  • Secure secrets management
  • Data retention and deletion policies

Threat model (summary)

  • Unauthorized access to images
  • Leakage via misconfigured storage
  • Insider risk
  • Inference attacks (mitigate via minimal exposure and access controls)

Operational safeguards

  • Least-privilege roles
  • Environment separation (dev/stage/prod)
  • Incident response runbook