Información legal
Security policy
Public summary of security measures aligned with TRACEA architecture. No sensitive operational detail.
- Version
- 1.1.0
- Effective date
- 2026-06-22
- Updated
- 2026-06-22
Access control
Each API request is authenticated and authorized by case and role.
Technical support operates with documented minimal access: it cannot read private conversations or download evidence.
Roles
Effective permissions depend on case role (USER, LAWYER, MEDIATOR, AUTHORIZED_ADULT, COURT_VIEWER/EXPERT).
Lawyers act as professional observers: read and export only, without mutating messages, expenses, or evidence.
Traceability and audit
Relevant professional queries generate audit records with user, case, resource, action, IP, and UTC timestamp.
Probatory events are recorded append-only in the case documentary chain.
Document integrity
SHA-256 hashes are computed on the server; clients cannot impose a precomputed hash on the evidence vault.
Probatory documents are created as immutable; altering registered content or hash triggers detectable inconsistencies.
Exports and evidence
Exports reuse the unified professional case legal dataset; they include manifest and verification data per export type.
Binary files are stored on deployment filesystem under controlled paths; direct access without authorization is blocked.
Public limitations
This document does not describe internal topologies, credentials, firewall rules, or incident response procedures.
PENDING DEFINITIVE POLICY: formal coordinated vulnerability disclosure program and dedicated security contact.