# Majority Engine Security Summary

Majority Engine is designed for campaign cashflow planning data, which can be sensitive. Security controls should protect account access, campaign workspaces, imports, exports, and operator review.

## Core Practices

Majority Engine uses or is designed to use:

- managed sign-in for hosted access;
- verified email before workspace access;
- role-based access for campaign workspaces;
- server-side checks before returning campaign data;
- private database storage for hosted campaign data;
- operator review before new users receive workspace access;
- backups and restore planning;
- limited logging that avoids passwords, secrets, and unnecessary sensitive payloads.

## What Majority Engine Does Not Need

Users should not enter bank usernames, bank passwords, payment processor passwords, private keys, or other credentials into Majority Engine.

## Operator Access

Operator access is restricted and intended for administration, support, security review, account review, and product operations.

## Reporting Concerns

If you believe an account, workspace, import, export, or login has been exposed incorrectly, contact the Majority Engine operator or support contact that provided your account access.