Legal
Privacy policy
A full privacy policy will be published before production launch. This route exists so navigation and compliance reviews do not 404.
Data handling follows the architecture in project documentation: PostgreSQL for operational data, S3 for files with collection-level access, and Office 365 for transactional email. Production secrets are not stored in CMS records.
