Security and Compliance
Operational guidance for secrets, auditability, data minimization, retention, and incident response.
Secrets and Key Management
Store API keys and service credentials in secret managers, rotate on a fixed cadence, and scope keys by environment.
- Separate prod and non-prod credentials
- Rotate keys at least every 90 days
- Immediately rotate keys after personnel changes
Audit Readiness
Log all mutating actions with actor identity and maintain tamper-evident audit trails for governance evidence.
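One way to make an audit trail tamper-evident is to chain each record to the previous one with a keyed hash. The sketch below is an added example, not code from this product; the record fields, function names, actor IDs, and demo key are assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # anchor value used as "previous hash" for the first record
FIELDS = ("seq", "ts", "actor", "action", "target")  # hypothetical record schema


def _digest(key: bytes, prev_hash: str, body: dict) -> str:
    # Canonical JSON so the same record always serializes to the same bytes.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_hash.encode() + payload, hashlib.sha256).hexdigest()


def append_entry(log: list, key: bytes, actor: str, action: str, target: str, ts: str) -> dict:
    """Record one mutating action with its actor, chained to the prior record."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    body = {"seq": len(log), "ts": ts, "actor": actor, "action": action, "target": target}
    entry = dict(body, prev=prev_hash, hash=_digest(key, prev_hash, body))
    log.append(entry)
    return entry


def verify_chain(log: list, key: bytes) -> int:
    """Return -1 if the chain is intact, else the index of the first bad record."""
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        body = {k: entry[k] for k in FIELDS}
        expected = _digest(key, prev_hash, body)
        chained_ok = entry["seq"] == i and entry["prev"] == prev_hash
        if not chained_ok or not hmac.compare_digest(entry["hash"], expected):
            return i  # edited, reordered, or removed record detected here
        prev_hash = entry["hash"]
    return -1


def sample_log(key: bytes) -> list:
    """Build a small constructed log; the key would come from a secret manager."""
    log = []
    append_entry(log, key, "svc-deploy", "rotate_key", "prod/api-key", "2024-01-01T00:00:00Z")
    append_entry(log, key, "user:1042", "update_role", "user:2077", "2024-01-01T00:05:00Z")
    append_entry(log, key, "user:1042", "delete_project", "proj:88", "2024-01-01T00:09:00Z")
    return log
```

The chain alone does not reveal removal of the most recent records; keeping the latest hash in a separate store covers that case.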
Privacy Guardrails
Enable consent-gated telemetry and redact PII from custom events before ingest.
Never send raw email, phone numbers, payment data, or government identifiers through SDK event payloads.