
Governance — Overview

Privacy, audit, integrations, settings, identity. Ten pages covering everything a security or compliance reviewer needs to sign off, plus the operator surface for managing it.

Updated 2026-06-30

Governance is the section a security reviewer asks for and an audit signs off on. It covers personal-data handling, margin policy, the audit trail, gateway orchestration, third-party integrations, tenant settings, billing entities, SCIM provisioning, multi-workspace identity, and rate-limit policy. Ten pages — read what your role asks of you.

What Governance covers

Three logical groups: privacy + compliance (Privacy Operations, Audit & Compliance), policy (Margin Guard, Rate Limit Policies), and identity + plumbing (Gateway Orchestration, Integrations, Settings, Billing Entities, SCIM, Workspace Switching). They live in one sidebar group because the same operator usually owns all of them, even if they read them on different days.

Pages in this section

Privacy & compliance

Policy

Rate Limit Policies
Per-tenant, per-key, per-endpoint rate limits. Burst + sustained windows.

Identity & plumbing

Pick by role

Different roles read different pages here. Use this table to jump straight to what your seat needs:

Role | Pages to read
Security reviewer | Audit & Compliance, Privacy Operations, SCIM Provisioning, Privacy & GDPR Overview
Compliance / DPO | Privacy Operations, Privacy & GDPR (whole section), Audit & Compliance
Finance lead | Billing Entities, Margin Guard, Audit & Compliance
Platform engineer | Gateway Orchestration, Integrations, Rate Limit Policies, Settings
IT admin (identity) | SCIM Provisioning, Workspace Switching, Settings
Owner / Admin (everyone above) | All of the above. Settings is the gate; SCIM + Workspace Switching is most often the access ticket.

What is internal vs. external

Some pages here drive what an end-customer sees on the storefront; others are purely operator-facing. Knowing which is which prevents accidents:

Page | Affects end-customer experience?
Privacy Operations | Yes — DSR responses + breach notifications reach the customer.
Audit & Compliance | No — internal log only.
Margin Guard | Yes in BLOCK mode — the customer's next request returns 429. OBSERVE mode is silent.
Rate Limit Policies | Yes — 429s land on the customer when limits are exceeded.
Gateway Orchestration | No — internal plumbing.
Integrations | Indirect — ERP integration affects invoice delivery cadence.
Settings | Some toggles change storefront behaviour (locale, currency defaults).
Billing Entities | Yes — appears on the invoice the customer receives.
SCIM Provisioning | Yes — affects who can log into your storefront portal.
Workspace Switching | No — operator UX only.
WARNING
Changes in Settings, Billing Entities, and Margin Guard can land on a live customer instantly. Stage them in sandbox first when the change is non-trivial, and read the relevant page's "destructive actions" section before flipping a switch in production.
  • Privacy & GDPR — conceptual reference for the model that drives Privacy Operations.
  • Operations — what to watch when policy changes (alerts, event log, metering health).
  • Admin Panel — member invites + API key management (operator account management lives there).