Security & privacy

High-level overview of roles, permissions, and data handling.

Roles

Manager: runs team workflows and sees team data based on permissions.
Director: higher-level visibility and planning-oriented capabilities.
Employee: access to own tasks and data.

Data handling

Minimization: the UI should consume safe-by-default DTOs (no raw models).
Tenant isolation: all business data is scoped by tenant.

Logging & audit

Avoid logging tokens/PII; audit should record minimal deltas and allowlisted action keys.