Current posture
Steward separates public marketing pages from authenticated app routes, uses Clerk-backed auth surfaces, stores source documents through signed storage adapters, and keeps live-service claims gated by proof.
Trust
Security posture for maintenance records.
This page keeps the trust story honest: what Steward is designed to protect, what is already represented in the app, and which claims still require production evidence.
Data boundaries
Invoice attachments, service records, tenant requests, and vendor details are treated as user content. Public pages do not claim customer-scale security proof until production evidence exists.
Operational controls
Claim inventory, product-truth language, webhook signature checks, suppression rules, and environment-gated adapters are used to reduce overclaiming and unsafe behavior.