Privacy

Production deployments should store account, entitlement, submission, material-access, and Workbench usage records in private managed services with least-privilege access.

Provider keys stay server-side. The local app uses seeded fixtures and dev-mode route handlers when credentials are absent.

Workbench uploads require prompt-injection and data-safety review before production file support is enabled.