Security overview
Operon enforces per-business tenant isolation on every request, authenticated access with role-based permissions, server-side plan and feature gating that never trusts client-supplied plan data, rate limiting on authentication, public, and other sensitive endpoints, signed and time-limited tokens for public contract signing links, and content filtering on AI input. Secrets are never logged.
Highlights
- Per-business tenant isolation enforced on every request
- Authenticated access with role-based permissions (owner / admin / manager / employee)
- Server-side plan and feature gating that never trusts client-supplied plan data
- Rate limiting on authentication, public forms, and sensitive endpoints
- Signed, time-limited tokens for public contract signing links
- Content filtering on AI input
- Secrets are never written to logs
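To make the first three highlights concrete, here is an added illustration of how a request can be authorized against the session's tenant, the caller's role, and a plan that is looked up on the server rather than read from the request. This is example code written for this page, not Operon's implementation; the `Role` ordering, the `FEATURE_MIN_PLAN` and `FEATURE_MIN_ROLE` tables, the `BUSINESS_PLAN` record, and the sample tenants are all constructed assumptions.

```python
"""Added example (not Operon's code): tenant isolation, role check and
server-side plan gating applied to one request, with any client-supplied
"plan" field deliberately ignored. Tables and tenants below are constructed."""
from dataclasses import dataclass
from enum import IntEnum


class Role(IntEnum):
    # Ordered so that a simple comparison answers "is this role at least X?"
    EMPLOYEE = 0
    MANAGER = 1
    ADMIN = 2
    OWNER = 3


# Constructed sample data: plan tiers, and the minimum plan/role per feature.
PLAN_TIER = {"free": 0, "pro": 1, "enterprise": 2}
FEATURE_MIN_PLAN = {"clock_in": "free", "export_reports": "pro", "api_access": "enterprise"}
FEATURE_MIN_ROLE = {"clock_in": Role.EMPLOYEE, "export_reports": Role.MANAGER, "api_access": Role.ADMIN}

# Constructed sample: the server's own record of each tenant's plan. This is
# the only place a plan is ever read from.
BUSINESS_PLAN = {"biz_1": "pro", "biz_2": "free"}


@dataclass(frozen=True)
class Session:
    """What the authenticated session asserts: the user, the tenant the
    session was issued for, and the user's role inside that tenant."""
    user_id: str
    business_id: str
    role: Role


def authorize(session: Session, requested_business_id: str, feature: str, client_body: dict) -> str:
    """Return "ok" or a denial reason. Checks run in fail-closed order."""
    # 1. Tenant isolation: the tenant named in the URL or body must be the
    #    tenant this session belongs to, regardless of anything else.
    if requested_business_id != session.business_id:
        return "cross-tenant access"

    # 2. Unknown features are denied rather than falling through.
    if feature not in FEATURE_MIN_PLAN or feature not in FEATURE_MIN_ROLE:
        return "unknown feature"

    # 3. Plan gating from the server record. client_body may carry a "plan"
    #    key (a tampered or stale client); it is never consulted.
    plan = BUSINESS_PLAN.get(session.business_id, "free")
    if PLAN_TIER[plan] < PLAN_TIER[FEATURE_MIN_PLAN[feature]]:
        return "plan does not include feature"

    # 4. Role check within the tenant.
    if session.role < FEATURE_MIN_ROLE[feature]:
        return "insufficient role"

    return "ok"


if __name__ == "__main__":
    manager = Session("u_1", "biz_1", Role.MANAGER)
    # A client claiming an enterprise plan in the body still gets the server's answer.
    print(authorize(manager, "biz_1", "api_access", {"plan": "enterprise"}))
    print(authorize(manager, "biz_2", "clock_in", {}))
```

The point of the ordering is that a cross-tenant request is rejected before any tenant-specific lookup happens, and that `client_body["plan"]` never influences the outcome; the unit of trust is the server's `BUSINESS_PLAN` record keyed by the session's own tenant.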
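The "signed, time-limited tokens for public contract signing links" highlight describes a mechanism that is easy to get subtly wrong, so here is an added example of one way to build it: an HMAC-SHA256 token bound to a tenant, a contract, a signer and an expiry, verified with a constant-time comparison and checked against the contract the link is being used for. This is illustrative code written for this page, not Operon's own; the payload fields, the `purpose` label and the fixed timestamps in the usage are constructed assumptions.

```python
"""Added example (not Operon's code): minting and verifying a signed,
time-limited token for a public contract-signing link. The secret would
come from the server's secret store; here it is passed in explicitly."""
import base64
import hashlib
import hmac
import json
import time


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_signing_token(secret: bytes, business_id: str, contract_id: str,
                       signer_email: str, ttl_seconds: int, now: int | None = None) -> str:
    """Return "<payload>.<signature>" valid for ttl_seconds from now."""
    now = int(time.time()) if now is None else now
    payload = {
        "purpose": "contract_sign",   # prevents reuse of the token for another flow
        "biz": business_id,           # tenant the link belongs to
        "contract": contract_id,      # the single contract it may sign
        "signer": signer_email,
        "exp": now + ttl_seconds,
    }
    body = _b64(json.dumps(payload, separators=(",", ":"), sort_keys=True).encode())
    sig = _b64(hmac.new(secret, body.encode("ascii"), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_signing_token(secret: bytes, token: str, business_id: str,
                         contract_id: str, now: int | None = None) -> dict | None:
    """Return the payload if the token is genuine, unexpired and bound to
    this tenant and contract; otherwise None. Signature is checked first so
    nothing from an unauthenticated payload is ever interpreted."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".", 1)
    except ValueError:
        return None
    expected = _b64(hmac.new(secret, body.encode("ascii"), hashlib.sha256).digest())
    if not hmac.compare_digest(expected, sig):
        return None
    try:
        payload = json.loads(_unb64(body))
    except (ValueError, UnicodeDecodeError):
        return None
    if payload.get("purpose") != "contract_sign":
        return None
    if payload.get("biz") != business_id or payload.get("contract") != contract_id:
        return None
    if not isinstance(payload.get("exp"), int) or payload["exp"] <= now:
        return None
    return payload


if __name__ == "__main__":
    secret = b"constructed-demo-secret"
    issued = 1_700_000_000
    tok = mint_signing_token(secret, "biz_1", "c_42", "signer@example.com", 3600, now=issued)
    print(verify_signing_token(secret, tok, "biz_1", "c_42", now=issued + 60))
    print(verify_signing_token(secret, tok, "biz_1", "c_42", now=issued + 3600))  # expired
```

Two details matter in practice: the verifier compares the recomputed signature with `hmac.compare_digest` before parsing anything, and the caller passes in the tenant and contract the link is being used for, so a token minted for one contract cannot be replayed against another even within the same business.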
Detailed security implementation is maintained in Operon's internal documentation and is not published here.