Security & Compliance

Principles:

  • Edge runtime: minimal attack surface, Cloudflare-managed TLS.
  • Secrets management: environment variables in Pages/Workers; avoid committing secrets.
  • Multi-tenancy isolation: tenant_id on all data rows; Durable Object guards workspace ops.
  • Input validation: API routes validate payloads; status transitions controlled.

Hardening tips:

  • Enable Cloudflare security features (WAF, Bot Management) as needed.
  • Use rate limiting on write endpoints.
  • Log security-relevant events with level=warning/error.
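
The input-validation, tenant-isolation and logging points above, combined in one added example (not this project's code): a status-update check that an API route in a Worker could call before writing. The status names, the `ctx` and `row` shapes and the in-memory log sink are assumptions made for illustration.

```javascript
// Added example; status names and object shapes are assumed, not the project's.
const TRANSITIONS = new Map([
  ["draft", ["in_review"]],
  ["in_review", ["draft", "approved"]],
  ["approved", ["archived"]],
  ["archived", []],
]);

// Record a security-relevant event as one structured line (level=warning/error).
function securityLog(sink, level, event, detail) {
  sink.push(JSON.stringify({ level, event, ...detail }));
}

// ctx: authenticated caller (tenantId comes from the session, never the payload).
// row: stored record or null. Returns { ok, status, error } or { ok, status, next }.
function validateStatusUpdate(ctx, row, payload, sink = []) {
  if (payload === null || typeof payload !== "object" || Array.isArray(payload)) {
    return { ok: false, status: 400, error: "payload must be a JSON object" };
  }
  // Reject unknown fields so a client cannot smuggle in tenant_id or other columns.
  const extra = Object.keys(payload).filter((k) => k !== "status");
  if (extra.length > 0) {
    return { ok: false, status: 400, error: `unexpected fields: ${extra.join(", ")}` };
  }
  if (typeof payload.status !== "string" || !TRANSITIONS.has(payload.status)) {
    return { ok: false, status: 400, error: "unknown status" };
  }
  // Tenant isolation: another tenant's row is reported exactly like a missing one.
  if (!row || row.tenant_id !== ctx.tenantId) {
    securityLog(sink, "warning", "cross_tenant_access",
      { tenant: ctx.tenantId, user: ctx.userId });
    return { ok: false, status: 404, error: "not found" };
  }
  // Controlled status transitions: only edges listed in TRANSITIONS are allowed.
  if (!(TRANSITIONS.get(row.status) ?? []).includes(payload.status)) {
    securityLog(sink, "warning", "illegal_transition",
      { tenant: ctx.tenantId, from: row.status, to: payload.status });
    return { ok: false, status: 409, error: "transition not allowed" };
  }
  return { ok: true, status: 200, next: { ...row, status: payload.status } };
}
```

In a real route the `sink` would be replaced by the platform's logging call, and the returned `status` mapped onto the HTTP response.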