Security & trust

A factual trust posture for operators evaluating MarginKind

This page summarizes the current engineering posture and production-readiness plan. Formal legal terms and commercial security commitments remain counsel-gated.

Review status

Technical source review is based on the repository's security review and AWS infrastructure docs. Counsel review for MC-30/MC-31 is still required before this page can be treated as final legal or procurement language.

Tenant isolation

Restaurant data is scoped by business and business-unit ownership throughout the app. Tenant-isolation violations are treated as critical security bugs in the engineering policy.

Payment boundary

Card handling is delegated to payment providers. MarginKind's public trust posture avoids claiming provider certifications as MarginKind certifications.

Production architecture

The production infrastructure plan uses ECS Fargate services, ALB, private PostgreSQL, Secrets Manager, task roles, and CloudWatch logging. WAF, restore evidence, and rotation runbooks remain production-hardening gates.

Operating practices

  • Webhook endpoints accept unauthenticated requests, so signature verification is required before any webhook request can mutate data.
  • Sensitive production values are expected to come from managed secrets, not images or source.
  • Production database design calls for encryption, backups, point-in-time recovery (PITR), and deletion protection before live customer data is stored.
  • Demo data is fictional and resettable; real customer, employee, payment, and business data should not be entered in demo sessions.
