# ACCOUNTSCOPE SECURITY & DATA GOVERNANCE OVERVIEW
### Security Technical Reference Sheet

This document outlines the security architecture, data governance models, compliance matrices, and threat prevention layers implemented on the AccountScope Enterprise Financial Intelligence Platform.

---

## 1. Technical Architecture & Data Isolation

AccountScope is built with a zero-trust model to isolate tenant data at every layer of the application stack:

```
  [ Client Browser / HTTPS ] 
            │
            ▼
  [ API Gateway (Enforced Encryption) ]
            │
            ▼
  [ Next.js Middleware / Application Router ]
    - Verifies JWT authentication tokens on every request.
    - Resolves client ID mapping in the request header context.
            │
            ▼
  [ Supabase Postgres Backend (Row-Level Security) ]
    - Postgres RLS filters query results dynamically.
    - Checks that client_id in the row matches the authenticated user token.
```

* **Isolation Integrity**: Queries issued through the application cannot bypass RLS. The database engine filters reads to the caller's tenant (rows belonging to other tenants are simply absent from the result) and rejects writes whose `client_id` belongs to another tenant; the API surfaces these outcomes to the client as `404 Not Found` or `403 Forbidden`. RLS does not filter superusers or roles with `BYPASSRLS` (in Supabase, connections made with the service-role key), so the isolation guarantee holds only for queries executed under the authenticated user's token.

---

## 2. Row-Level Security (RLS) Policy Specifications

We implement RLS constraints on all case, transaction, and document tables:

```sql
-- Example RLS Policy for Cases Table
-- A policy has no effect until RLS is switched on for the table.
ALTER TABLE cases ENABLE ROW LEVEL SECURITY;

-- USING filters rows on SELECT/UPDATE/DELETE; WITH CHECK validates rows
-- written by INSERT/UPDATE. Both resolve the caller's client_id from the
-- client_users mapping via the JWT subject (auth.uid()).
CREATE POLICY tenant_isolation_policy ON cases
  FOR ALL
  USING (client_id = (SELECT client_id FROM client_users WHERE user_id = auth.uid()))
  WITH CHECK (client_id = (SELECT client_id FROM client_users WHERE user_id = auth.uid()));
```

This ensures that:
1. Every query executed by an authenticated user is implicitly scoped to their client ID; application code does not have to add a `WHERE client_id = ...` clause.
2. Direct API requests that try to read case details belonging to another organization return empty results rather than an error.
3. Inserts or updates that tag a row with another organization's `client_id` fail the `WITH CHECK` clause and are rejected by the database.
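The following script is an added example, not AccountScope's own schema or code. It reproduces the tenant-isolation policy from this section end to end on a scratch Postgres instance and exercises it as a user of tenant A against tenant B's data, so it also shows the database-side check the architecture diagram describes. `auth.uid()` is a stand-in that reads the user id from a session setting (Supabase's real function reads the JWT), the `client_users` and `cases` tables, the `app_user` role and all ids are constructed for the example. Run it as a superuser on a throwaway database, never on a live Supabase project, because the stand-in would shadow the real `auth.uid()`.

```sql
-- Added example, not AccountScope's own schema or code. Scratch Postgres
-- only (run as superuser); auth.uid(), the tables, role and ids are stand-ins.
CREATE SCHEMA IF NOT EXISTS auth;
CREATE OR REPLACE FUNCTION auth.uid() RETURNS uuid
  LANGUAGE sql STABLE AS
  $$ SELECT nullif(current_setting('app.user_id', true), '')::uuid $$;

CREATE TABLE client_users (user_id uuid PRIMARY KEY, client_id uuid NOT NULL);
CREATE TABLE cases (id serial PRIMARY KEY, client_id uuid NOT NULL, title text NOT NULL);

-- Constructed sample data: two tenants (A, B), one user each.
INSERT INTO client_users VALUES
  ('11111111-1111-1111-1111-111111111111', 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa'),
  ('22222222-2222-2222-2222-222222222222', 'bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb');
INSERT INTO cases (client_id, title) VALUES
  ('aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa', 'Tenant A matter'),
  ('bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb', 'Tenant B matter');

-- Policies are inert until RLS is enabled; FORCE extends it to the table
-- owner (superusers and BYPASSRLS roles are never filtered).
ALTER TABLE client_users ENABLE ROW LEVEL SECURITY;
ALTER TABLE cases ENABLE ROW LEVEL SECURITY;
ALTER TABLE cases FORCE ROW LEVEL SECURITY;

-- A user may read only their own mapping row.
CREATE POLICY own_mapping ON client_users FOR SELECT
  USING (user_id = auth.uid());
-- The tenant-isolation policy from the section above, unchanged.
CREATE POLICY tenant_isolation_policy ON cases
  FOR ALL
  USING (client_id = (SELECT client_id FROM client_users WHERE user_id = auth.uid()))
  WITH CHECK (client_id = (SELECT client_id FROM client_users WHERE user_id = auth.uid()));

-- An unprivileged role stands in for Supabase's "authenticated" role.
-- Policy subqueries are evaluated with the caller's privileges, so the role
-- needs SELECT on client_users (the policy on that table still filters it).
CREATE ROLE app_user NOLOGIN;
GRANT USAGE ON SCHEMA auth TO app_user;
GRANT SELECT ON client_users TO app_user;
GRANT SELECT, INSERT, UPDATE, DELETE ON cases TO app_user;
GRANT USAGE ON SEQUENCE cases_id_seq TO app_user;

-- Act as tenant A's user.
SET ROLE app_user;
SELECT set_config('app.user_id', '11111111-1111-1111-1111-111111111111', false);

SELECT title FROM cases;                                      -- 1 row: 'Tenant A matter'
SELECT title FROM cases
  WHERE client_id = 'bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb';   -- 0 rows, no error
UPDATE cases SET title = 'tampered'
  WHERE client_id = 'bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb';   -- UPDATE 0

-- A write tagged with the caller's own tenant succeeds...
INSERT INTO cases (client_id, title)
  VALUES ('aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa', 'Tenant A, second matter');
-- ...while a row tagged with tenant B's client_id trips WITH CHECK
-- (SQLSTATE 42501, "new row violates row-level security policy").
DO $$
BEGIN
  INSERT INTO cases (client_id, title)
    VALUES ('bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb', 'smuggled');
  RAISE EXCEPTION 'cross-tenant insert was NOT blocked';
EXCEPTION WHEN insufficient_privilege THEN
  RAISE NOTICE 'blocked as expected: %', SQLERRM;
END $$;
RESET ROLE;
```

Two details worth noticing when running it: the cross-tenant `SELECT` and `UPDATE` are not errors, they just touch zero rows, which is why an API built on this returns an empty result or `404` rather than a database error; and the `GRANT SELECT ON client_users` is required because the policy's subquery runs with the caller's privileges. If a user could belong to more than one client, the scalar subquery would return several rows and the policy would error, so a multi-client mapping would need `client_id IN (SELECT ...)` instead.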

---

## 3. Data Governance & Privacy Policies

AccountScope is engineered to minimize data footprint liabilities:

* **Regional Hosting**: All database instances and file storage buckets are hosted in regional virtual private instances.
* **30-Day Auto-Purge Policy**: PDF bank statement files are automatically purged from storage buckets 30 days after ingestion.
* **Preservation Model**: While raw PDF files are deleted, the extracted, validated transaction ledgers and case audit trails are preserved to support case reviews.
* **PII Redaction**: The Visual Verification workstation enables redaction of sensitive PII (addresses, card numbers) before court report generation.

---

## 4. Permissions Governance Matrix

We enforce a strict six-role permission model:

```
Role / Scope     │ View Matter │ Edit Matter │ Approve Case │ Export Pack │ Manage Users │ Manage Offices
─────────────────┼─────────────┼─────────────┼──────────────┼─────────────┼──────────────┼───────────────
Admin            │     Yes     │     Yes     │      No      │     Yes     │     Yes      │      Yes
Partner          │     Yes     │     Yes     │     Yes      │     Yes     │      No      │      No
Solicitor        │     Yes     │     Yes     │      No      │  Draft Only │      No      │      No
Paralegal        │     Yes     │     Yes     │      No      │      No     │      No      │      No
Reviewer         │     Yes     │      No     │     Yes      │      No     │      No      │      No
Read Only        │     Yes     │      No     │      No      │      No     │      No      │      No
```

* **API Enforcement**: Role gating is enforced server-side on every case action endpoint. If a user whose role lacks Approve Case calls `/api/enterprise/workflow` to approve a case, the server rejects the request with a `403 Forbidden` response.

---

## 5. Append-Only Audit Trails

Every classification edit, split, and status transition writes a permanent, unalterable event log:

* **Storage**: Event logs are recorded in the `audit_logs` table.
* **Structure**: Records timestamp, user ID, client ID, action, resource reference, previous value, new value, and justification code.
* **Immutability**: Database-level policies deny `UPDATE` and `DELETE` on `audit_logs` to application users, who can append and read entries but never modify or remove them; this protects the integrity of the report evidence. Database roles that bypass RLS are outside this control and need separate safeguards.
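The following script is an added example, not AccountScope's own schema or code. It builds an append-only `audit_logs` table with the columns listed above and layers three independent controls: RLS with `SELECT` and `INSERT` policies only (no `UPDATE` or `DELETE` policy, so those statements match no rows), a trigger that refuses rewrites from any role including ones that bypass RLS, and grants that never give the application role `UPDATE` or `DELETE`. It then tries to rewrite and delete an entry from each layer. `auth.uid()` is a stand-in that reads the user id from a session setting, and the `client_users` table, the `app_user` role, the column names and the sample event are constructed for the example. Run it as a superuser on a throwaway Postgres database, not on a live Supabase project.

```sql
-- Added example, not AccountScope's own schema or code. Scratch Postgres
-- only (run as superuser); auth.uid(), client_users, role and ids are stand-ins.
CREATE SCHEMA IF NOT EXISTS auth;
CREATE OR REPLACE FUNCTION auth.uid() RETURNS uuid
  LANGUAGE sql STABLE AS
  $$ SELECT nullif(current_setting('app.user_id', true), '')::uuid $$;
CREATE TABLE client_users (user_id uuid PRIMARY KEY, client_id uuid NOT NULL);
INSERT INTO client_users VALUES
  ('11111111-1111-1111-1111-111111111111', 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa');

-- Columns follow the structure listed in the section above (names assumed).
CREATE TABLE audit_logs (
  id                 bigserial PRIMARY KEY,
  logged_at          timestamptz NOT NULL DEFAULT now(),
  user_id            uuid NOT NULL,
  client_id          uuid NOT NULL,
  action             text NOT NULL,
  resource_ref       text NOT NULL,
  previous_value     jsonb,
  new_value          jsonb,
  justification_code text
);
ALTER TABLE audit_logs ENABLE ROW LEVEL SECURITY;
ALTER TABLE audit_logs FORCE ROW LEVEL SECURITY;

-- Layer 1, RLS: read own tenant's trail; append only in own name and tenant.
-- No UPDATE/DELETE policy exists, so under RLS those statements match no rows.
CREATE POLICY audit_read ON audit_logs FOR SELECT USING (
  client_id = (SELECT client_id FROM client_users WHERE user_id = auth.uid()));
CREATE POLICY audit_append ON audit_logs FOR INSERT WITH CHECK (
  user_id = auth.uid()
  AND client_id = (SELECT client_id FROM client_users WHERE user_id = auth.uid()));

-- Layer 2, trigger: rejects rewrites from any role, RLS-bypassing ones included.
CREATE OR REPLACE FUNCTION audit_logs_immutable() RETURNS trigger
  LANGUAGE plpgsql AS $$
BEGIN
  RAISE EXCEPTION 'audit_logs is append-only; % rejected', TG_OP
    USING ERRCODE = 'insufficient_privilege';
END $$;
CREATE TRIGGER audit_logs_no_rewrite
  BEFORE UPDATE OR DELETE ON audit_logs
  FOR EACH ROW EXECUTE FUNCTION audit_logs_immutable();

-- Layer 3, grants: the application role never receives UPDATE or DELETE.
CREATE ROLE app_user NOLOGIN;
GRANT USAGE ON SCHEMA auth TO app_user;
GRANT SELECT ON client_users TO app_user;
GRANT SELECT, INSERT ON audit_logs TO app_user;
GRANT USAGE ON SEQUENCE audit_logs_id_seq TO app_user;

SET ROLE app_user;
SELECT set_config('app.user_id', '11111111-1111-1111-1111-111111111111', false);
-- A classification edit is appended (constructed event).
INSERT INTO audit_logs (user_id, client_id, action, resource_ref,
                        previous_value, new_value, justification_code)
VALUES ('11111111-1111-1111-1111-111111111111',
        'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa',
        'classification_edit', 'transaction:42',
        '{"category": "salary"}', '{"category": "loan_repayment"}', 'J03');
-- Rewriting it fails at the grant layer (SQLSTATE 42501, permission denied).
DO $$ BEGIN
  UPDATE audit_logs SET new_value = '{}' WHERE id = 1;
  RAISE EXCEPTION 'audit row was rewritten';
EXCEPTION WHEN insufficient_privilege THEN
  RAISE NOTICE 'blocked: %', SQLERRM;
END $$;
RESET ROLE;

-- Even if UPDATE were granted by mistake, RLS has no UPDATE policy: 0 rows,
-- so the trigger never has to fire.
GRANT UPDATE ON audit_logs TO app_user;
SET ROLE app_user;
UPDATE audit_logs SET new_value = '{}' WHERE id = 1;   -- UPDATE 0
RESET ROLE;

-- A superuser bypasses RLS but not the trigger.
DO $$ BEGIN
  DELETE FROM audit_logs WHERE id = 1;
  RAISE EXCEPTION 'audit row was deleted';
EXCEPTION WHEN insufficient_privilege THEN
  RAISE NOTICE 'blocked: %', SQLERRM;
END $$;
```

The `WITH CHECK (user_id = auth.uid())` clause matters as much as the missing `UPDATE` policy: without it an application user could append entries attributed to someone else. The trigger raises the same `insufficient_privilege` SQLSTATE as a permission failure so the API can map both to `403`. A table owner can still drop the trigger or disable it, so for evidence that must survive a compromised database account the trail should also be shipped to a store the application database cannot rewrite.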
