SAM in a Box
Preliminary development template

Security

Security boundaries before automation.

SAM is being designed around tenant isolation, permission checks, protected server-side actions, and an auditable history.

This preliminary content is provided for product development and must be reviewed before public launch. Legal, privacy, security, tax, and regulatory requirements vary by jurisdiction.

Architecture principles

  • Every private record belongs to an organisation.
  • Members receive the minimum role and data access they need.
  • Secret keys and service-role access remain server-side.
  • AI actions must pass permissions and high-risk approval checks.
  • Customer messages must not be exposed through public database access.

Current status

The repository includes a preliminary database schema and row-level security assumptions, but no live security controls have been deployed or independently assessed. This preview does not claim any certification or universal legal compliance.

Regional requirements

Security, privacy, data location, retention, and regulatory requirements vary by jurisdiction and customer context. They require professional review before launch.