Security
Anarion is designed to support controlled business workflows while protecting user and organizational data.
Security practices
- HTTPS is required for public app and compliance URLs.
- Administrative OAuth and integration screens are kept separate from public compliance pages.
- Access to protected backend services is restricted through identity-aware controls and service account permissions where applicable.
- Secrets and credentials are stored outside source code using managed secret storage.
- Operational logs are used for monitoring, troubleshooting, and auditability.
- Permissions are scoped to the minimum access needed for approved functionality whenever possible.
Reporting a security issue
Please report suspected vulnerabilities or security concerns to support@summit.solar with the subject line “Anarion Security”.