Controls
- Rate limiting, request size limits, and strict timeouts on every endpoint.
- License guard enforcing CUSTOMER_ID-specific expiry.
- Request logging includes timestamp, method, path, status.
Incident response
- Token compromise: rotate tokens via env, redeploy.
- SSH/secret rotation: update credentials, reload Nginx, restart services.
- Emergency block: enforce mode, expired timestamp, deploy.
Disclosure
Contact: security@precion.io (PGP optional). Policy: responsible disclosure; acknowledgement within 24h (best effort).
Transport Security
All Prelude endpoints are served exclusively over TLS.
No client-side state, cookies, or browser-based authentication is used.
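
The Controls and Transport Security items above could be enforced at a reverse proxy as in this added example, which is not Prelude's actual configuration. It assumes Nginx (which the incident-response steps mention) fronts the service; the host name, file paths, upstream address, zone and log-format names, and every numeric limit are placeholders.

```nginx
# Added example: hypothetical front-end config. All names, paths and limits
# are assumptions. Place inside the http {} context (e.g. a conf.d/ file).

# Rate limiting: one shared-memory zone keyed by client address.
limit_req_zone $binary_remote_addr zone=api_per_ip:10m rate=10r/s;

# Request logging: timestamp, method, path, status.
# $uri is the normalized path without the query string.
log_format api_min '$time_iso8601 $request_method $uri $status';

# TLS only: there is deliberately no "listen 80" server block, so a
# plaintext request is never accepted (not even to be redirected).
server {
    listen 443 ssl;
    server_name api.example.invalid;                   # placeholder host

    ssl_certificate     /etc/nginx/tls/fullchain.pem;  # placeholder paths
    ssl_certificate_key /etc/nginx/tls/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    access_log /var/log/nginx/api_access.log api_min;

    # Request size limit: larger bodies are rejected with 413.
    client_max_body_size 64k;

    # Strict timeouts on the client side of the connection.
    client_header_timeout 5s;
    client_body_timeout   5s;
    send_timeout          10s;
    keepalive_timeout     15s;

    # "location /" matches every path, so the limits apply to every endpoint.
    location / {
        limit_req zone=api_per_ip burst=20 nodelay;
        limit_req_status 429;              # default would be 503

        proxy_pass http://127.0.0.1:8080;  # assumed upstream address
        proxy_connect_timeout 3s;
        proxy_send_timeout    10s;
        proxy_read_timeout    10s;
    }
}
```

Validate with `nginx -t` before reloading; the license guard and token checks are application logic and are not covered by this fragment.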