Server-side secrets
Provider keys and document-processing credentials belong on the server and should never be exposed in client code.
Legal
Security
Security for Verity starts with tenant isolation, least privilege, server-owned calls, audit trails, and careful handling of source records.
Access boundaries
Production authorization should separate who can add information, review records, search history, export records, and see sensitive details.
Audit and review
Important actions should leave source-linked evidence, review state, export history, and access logs.