The operator controls infrastructure, network policy, secrets, backups, and retention.
Security
Built for operator-controlled deployments.
RecSys is usually self-hosted, so your team controls infrastructure, secrets, network policy, backups, and retention. The product keeps the review surface explicit.
Posture
Security review starts with clear ownership boundaries.
Recommendation requests and evaluation datasets do not require raw names, emails, or phone numbers.
Admin config, rules, cache, and audit routes are documented as trusted operator surfaces.
Controls
Current repository controls are visible before procurement.
- JWT, API key, and local dev-header modes are represented in configuration and middleware.
- Tenant claims or tenant headers scope serving and admin routes.
- Admin audit logging can be enabled for control-plane changes.
- Production config validation covers sensitive salts, pprof binding, and artifact S3 TLS settings.
Limits
No hidden certification claims.
This site does not claim external certifications, managed hosting controls, DPA terms, subprocessor lists, SLA commitments, or data residency guarantees unless they are captured in signed commercial terms.
Next step
Preparing a security review?
Start with the procurement page and technical security docs, then use the contact path for confidential commercial review.