Security

Public controls, coordinated disclosure and a baseline package for due diligence.

This page summarizes observable controls in the product and the types of materials currently available for technical, legal and commercial review. It does not replace formal questionnaires, additional evidence or contractual commitments.

Effective date: 2026-04-13Last reviewed by: Security, Privacy and OperationsSecurity contact: support@mfe-debugger.local

Current controls

Authentication with per-device sessions, session rotation and audit trail.
SSO, MFA, managed domains and SCIM controls according to plan maturity.
API keys scoped by organization or project, with revocation and usage history.
Persistent ingestion queue and a dedicated worker for session and incident materialization.
Operational playbooks for backup, restore, deployment and incident response.

Operating practices

Operational secrets separated by environment, with support for file-based secret resolution.
Baseline rate limiting across the private API, recovery flow and public ingestion.
Audit coverage for administrative events, billing, security, ingestion and data operations.
Health checks, runbooks and worker heartbeat monitoring for production operations.

Incident response

Security reports are triaged through the primary operational channel and routed to technical investigation.
When material impact is confirmed, the case enters the incident workflow with audit trail, containment, remediation and communication.
Enterprise customers may require specific response flows and notification timelines by contract.

Vendor security package

access control, MFA, SSO and session management
tenant segregation, audit trail and revocation
data handling, retention, export and deletion
backup, restore, production operations and incident response
subprocessors, billing and external dependencies

Available on request

DPA and initial legal review.
Vendor security package and standard due diligence responses.
Subprocessor, architecture and operational control review.
Billing, retention, export and deletion operating summary.

Disclosure and contact

To report security issues, request a DPA, negotiate additional terms or request the vendor security package, contact support@mfe-debugger.local. See also Privacy and Terms.