Security & Privacy
Principles
- Data minimization and aggregation-first analytics
- Secret management via GCP Secret Manager
- Isolation by organization
Compliance Posture
- EU region hosting where possible
- Explicit redirect URIs and scopes
Practices
- No user-level data for MMM
- Audit-ready logging for sensitive flows (auth, tokens)