Security

User authentication is handled via Auth0. Sessions are managed by the web application.

Treat broker credentials and tokens as sensitive secrets. Only provide them in trusted environments.

If you discover a security issue, report it privately to the team before public disclosure.