BaseCite Security Portal

Security controls protect customer-submitted/unverified data with private encrypted storage, rate limits, audit events, no raw public download, and no bulk export. External KMS/HSM, WORM, SOC 2, and legal approval remain external evidence gates.

Protected upload API

POST /api/v1/organizations/{org_id}/customer-uploads

{ "filename": "profile.txt", "visibility": "ai_readable_controlled", "payload": "...", "uploader_organization_type": "customer", "uploader_organization_id": "customer-org", "asserted_subject_org_id": "customer-org" }

Workspace and credentials

Workspace model
Tenant-scoped credentials
Security boundary
Receipt metadata

Boundaries

Upload acceptance is not truth verification.
OriginCairn review is optional later reference only, not an upload prerequisite.
No raw file public download, all-customer list, database dump, embeddings export, or bulk export.
AI/MCP access is per-record, API-key controlled, rate-limited, audited, and canary-marked.

Machine-readable portal config

/portal/config