Security
Verellix is designed for sensitive founder and company execution data. The security page should reassure serious users without making claims that the deployed stack has not actually verified. Replace placeholders with your legal entity details before production use.
Access control
Access should be scoped by authentication, account status, commercial state, role, ownership, local authority, onboarding, and governance readiness.
Auditability
Decision, escalation, intervention, support, and administrative activity should preserve traceability so the system can explain what happened and why.
Data protection
Production should use HTTPS, secure session cookies, least-privilege service access, managed secrets, database backups, monitoring, and controlled admin access.
Operational resilience
Security is not only prevention. Verellix should maintain incident handling paths, evidence capture, notification processes, and recovery procedures.
Responsible disclosure
Security reports should be routed to a monitored channel, triaged quickly, and handled without exposing customer operating data.