Least-privilege Stripe access
Founders can connect an existing Stripe account or use a restricted API key with read permissions. We recommend restricted read-only keys for beta accounts whenever OAuth availability creates friction.
Credential protection
Restricted credentials are encrypted at rest with server-side AES-256-GCM. Full credentials are never returned to the client, displayed in admin, included in logs, or sent to AI providers.
Server-side access controls
Clerk protects authentication boundaries. Database workspace membership, application roles, and subscription entitlements are checked on the server before sensitive records or actions are available. Admin routes require ADMIN or SUPER_ADMIN.
Auditability
Important account, integration, sync, billing, admin, AI, and Revenue Action events are written to audit or internal product-event records. Sensitive credentials are excluded.
Beta limitations
MRR Pilot does not currently claim SOC 2, ISO 27001, PCI DSS service provider certification, or comprehensive regulatory compliance. Security controls will continue to be reviewed before general availability.