Security & Data Handling

MSOS Terminal client portal posture

MSOS Terminal is designed as an authenticated client portal for operational margin analysis. The public website sells trust; the portal enforces trust through access control, tenant isolation, limited support intake, and documented deletion protocols.

Access Control

Client access is invite-only. User role and tenant authorization are controlled through Supabase application metadata and enforced by route guards, API authorization, and row-level security.

Data Protection

Client data is encrypted in transit through HTTPS/TLS and stored in managed cloud infrastructure. Raw exports should be transferred only through approved intake paths, never through support messages.

Retention & Destruction

MSOS maintains a 72-hour destruction commitment after engagement close or written client request, subject to legal hold or regulatory preservation requirements. A destruction certificate can be issued.

Healthcare Data

For healthcare engagements, MSOS requires de-identified data unless a Business Associate Agreement and written handling requirements are in place.

Important Boundary

MSOS does not claim independent SOC 2 certification at this stage. Where applicable, we rely on security controls inherited from infrastructure providers and document our own operating controls.