Security and trust

Evidence, access, and AI calls are designed to stay within clear boundaries.

NCASE combines organization-scoped access, server-side provider calls, audit events, and source transparency.

Organization isolation

Supabase Row Level Security is the intended production boundary for workspaces, reports, sources, jobs, and members.

AI, retrieval, email, and service-role credentials stay on the server and are never exposed to the browser.

Important findings retain stable source IDs, timestamps, citations, confidence, and evidence gaps.

A separate verifier checks cited claims; unsupported and omitted verification results fail closed.

NCASE supports decisions but does not replace qualified legal, financial, medical, or regulatory judgment.

Before launch, run authenticated staging tests, policy review, accessibility testing, and provider failure exercises.

Designed for clarity and confidence

Visible sources, explicit assumptions, and human review for important decisions.