Security practices

Cloud workspaces are designed around authenticated users, team roles, scoped API keys, and operational logs.

Workspace owners should review team membership regularly and rotate API keys when access changes.

Production services are deployed through the configured workflow, with database migrations, service builds, container startup, and smoke checks before completion.

Service logs and health checks are used to detect failed deployments and connectivity issues across the API, database, Redis, website, and dashboard.

If you believe you have found a security issue, contact support@ngtaxkit.com with a clear description, affected URL or package version, steps to reproduce, and potential impact.

Please do not publicly disclose an active security issue before the team has had a reasonable opportunity to investigate and fix it.