Creator OS
Reis Media LLC · Security Controls

Access Control Summary

Who and what can reach production systems and sensitive data in Creator OS — and the controls that keep that access least‑privilege.

Effective: June 9, 2026 · Version: 1.0 · Owner: Philipe Reis, Founder

01 The access model

Access to production assets and sensitive data in Creator OS follows the principle of least privilege: every person and every component is granted only the minimum access required, and access to financial data is constrained at the data layer itself.

02 Controls in place

| Control | How it works | Status |
|---|---|---|
| Per‑user Row‑Level Security | The PostgreSQL database (Supabase) only lets an account read/write its own rows — enforced by the database, not just the app. One user cannot access another's data. | In place |
| Restricted / least‑privilege API keys | The browser uses a public key bound to the per‑user rules; the powerful service‑role key is never shipped to the client. | In place |
| Server‑side secrets | Application secrets live server‑side / in a secret store, never exposed to the browser or stored in code. The Plaid secret and bank access tokens are being built to the same standard (bank‑connect is in development). | In place; Plaid: building |
| Secrets in environment / secret store | Keys and tokens are held in environment variables / a managed secret store; never committed to the repo, never printed or logged. | In place |
| Agent scope guard | A frozen, tamper‑resistant policy: read‑only on money/credentials (with redaction), write to a tiny allow‑list only, never delete, never raw SQL, never expose tokens. Verified by automated tests. | In place |
| Single‑admin console access | Database/hosting, payments and code repository consoles are accessible only to the founder. | In place |
| Session hygiene | Logout clears in‑browser data and cached state so a shared device never exposes a prior session. | In place |
| Multi‑factor authentication (MFA) | MFA on administrative consoles and offered to end users. The auth platform supports it; enabling/enforcing it is the committed next step. | Committed |
| Per‑user issued API keys + audit log | Production upgrade from email/password for agent access, with a per‑request audit trail. The scope guard already centralizes enforcement. | Committed |

03 Access to sensitive data, by component

  • Browser app: only the signed‑in user's own data, via the per‑user RLS rules. No service‑role key.
  • Server functions: will hold the Plaid secret and exchange tokens server‑side, with bank tokens never returned to the client (bank‑connect is in development, being built to this standard).
  • Agent / API access: signs in as the user, runs under the same RLS, and is further constrained by the frozen scope guard (read‑only on financial data + credentials, redacted).
  • Administrators (founder): console access for operations, governed by this policy and the Information Security Policy.
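
One way a scope guard with the properties listed above (frozen policy, read‑only financial data with redaction, a small write allow‑list, no delete, no raw SQL) can be expressed. This is an added example, not Creator OS's own code; the table names, field names and function names are assumptions.

```javascript
// Hypothetical policy: table and field names are constructed for illustration.
const deepFreeze = (o) => {
  Object.values(o).forEach((v) => typeof v === 'object' && v !== null && deepFreeze(v));
  return Object.freeze(o);
};

const POLICY = deepFreeze({
  readOnly: ['transactions', 'accounts', 'credentials'], // money + credentials
  writeAllow: ['notes', 'tasks'],                         // tiny write allow-list
  redact: ['access_token', 'account_number', 'secret'],  // never returned in clear
});

// Decide whether an agent request may run. Anything not explicitly allowed is denied.
function authorize(req) {
  const { action, table } = req;
  if (action === 'raw_sql') return { allowed: false, reason: 'raw SQL is never allowed' };
  if (action === 'delete') return { allowed: false, reason: 'delete is never allowed' };
  if (action === 'select') {
    const known = POLICY.readOnly.includes(table) || POLICY.writeAllow.includes(table);
    return known ? { allowed: true } : { allowed: false, reason: 'table not in policy' };
  }
  if (action === 'insert' || action === 'update') {
    return POLICY.writeAllow.includes(table)
      ? { allowed: true }
      : { allowed: false, reason: 'table not on write allow-list' };
  }
  return { allowed: false, reason: 'unknown action' };
}

// Mask sensitive fields in a row before it is handed to the agent.
function redactRow(row) {
  const out = {};
  for (const [key, value] of Object.entries(row)) {
    out[key] = POLICY.redact.includes(key) ? '[REDACTED]' : value;
  }
  return out;
}

// Constructed sample row, not real data.
const sampleRow = { id: 1, amount: 42.5, account_number: '000123456789', access_token: 'tok-sample' };
```

Because the policy object is deep‑frozen, an attempt to widen the allow‑list at runtime throws instead of silently succeeding, which is the property an automated test can assert.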

Honest status

The "Committed" rows above are not yet fully in place. We list them openly rather than over‑state our controls; they will move to "In place" as each is completed, and this page will be updated.

04 Contact

Security questions: admin@philipereis.com · Reis Media LLC · 1000 Brickell Ave, Ste 715, PMB 1696, Miami, FL 33131, USA.