B2BEA.org Rebuild security-privacy-spec
internal prototype · canonical JSON + Dreamborn Forge HTML
internal generated
security-privacy-spec · supabase_json

B2BEA.org Rebuild security-privacy-spec

security-privacy-spec artifact · for B2BEA.org Rebuild · status draft

Planning Surface

Use this to decide what happens next.

Status

draft

Agent Handoff
Start Here

security-privacy-spec artifact · for B2BEA.org Rebuild · status draft

Completion Evidence

No explicit evidence field yet. Require tests, screenshots, linked PRs, or reviewed outputs before marking complete.

Artifact Shape
  • source: atlas-codex
  • status: draft
  • project: B2BEA.org Rebuild
  • version: 1
  • filename: docs/specs/2026-05-08-b2bea-org-security-privacy-spec.md
  • project id: a820dd0c-6cef-4133-bfbd-d802fd806e44
  • generated at: 2026-05-08
  • artifact type: security-privacy-spec
Source Body

Full legacy body rendered for humans

B2BEA.org V1 Security Privacy Spec

Source of record: RedKey local project artifact draft.

  • Project: B2BEA.org Rebuild
  • Project ID: a820dd0c-6cef-4133-bfbd-d802fd806e44
  • Artifact: security-privacy-spec
  • Version: 1
  • Status: draft
  • Generated: 2026-05-08

Purpose

Define the minimum security, privacy, ownership, export, and audit requirements for B2BEA.org V1 implementation.

Core Rules

  • Client state never grants authorization.
  • Every protected read and mutation must validate session, role/entitlement, and resource ownership server-side.
  • Vendor, company, and member data must be scoped to the owning account.
  • Public projection changes require review/audit where external users can affect public content.
  • Exports require explicit authorization, scope limits, expiration, and audit events.
  • Private practitioner company workspace data must not be exposed publicly in V1.

Protected Data Classes

| class | examples | rule |

| --- | --- | --- |

| public_content | published articles, public vendor profiles, public events | Public if published and not archived. |

| account_identity | auth user, linked identities, email | Own account or admin only. |

| member_private | profile drafts, progress, saved items, account settings | Own member or authorized admin only. |

| vendor_private | vendor workspace edits, leads, analytics, team | Own vendor account or authorized admin only. |

| company_private | roster, seats, assignments, jobs drafts, exports | Own company account or authorized admin only. |

| admin_operational | review queues, internal notes, platform analytics | Authorized admin only. |

| payment_billing | Stripe state, invoices, renewal notes | Authorized owner/admin; secrets never exposed. |

| survey_response | response data, respondent identity, exports | Scoped by survey policy, owner, assignment, and export permission. |

Audit Events

Audit required for:

  • admin publish/archive/rollback
  • vendor submitted public-profile changes
  • B2BEA approval/rejection of external submissions
  • entitlement, seat, role, and membership changes
  • exports
  • company roster and seat changes
  • billing-related admin actions
  • deletion/anonymization requests
type AuditEvent = {
  actorId: string;
  actorRole: string;
  action: string;
  resourceType: string;
  resourceId: string;
  accountScope?: string;
  decision?: AccessDecision;
  metadata?: Record<string, unknown>;
  createdAt: string;
};

Export Policy

  • Vendor exports: own leads/analytics only.
  • Company exports: own roster/progress/assignment/reporting only.
  • Admin exports: allowed for authorized admins, with audit events.
  • No raw platform-wide cross-account data in vendor/company exports.
  • Export URLs must expire.
  • Respondent-level survey data in vendor/company reporting requires explicit policy approval per survey.

Rate And Abuse Controls

Minimum controls for launch:

  • contact/application/form submission rate limit
  • login/signup abuse protection through auth provider settings
  • resource download throttling for anonymous users
  • admin/vendor/company export throttling
  • audit suspicious repeated denied access attempts

Acceptance Criteria

  • Every protected route/action maps to a data class and guard.
  • Ownership checks are server-side and testable.
  • Export and public projection actions create audit events.
  • Private company workspace cannot leak through route, sitemap, search index, or public profile behavior.
Structured Payload

Machine-readable source fields

source

atlas-codex

status

draft

project

B2BEA.org Rebuild

version

1

filename

docs/specs/2026-05-08-b2bea-org-security-privacy-spec.md

project id

a820dd0c-6cef-4133-bfbd-d802fd806e44

generated at

2026-05-08

artifact type

security-privacy-spec