Security Overview
Effective date: 17 April 2026
1. Security posture
DGS applies reasonable administrative, technical, and operational safeguards designed to protect accounts, workspaces, mission content, generated artifacts, billing flows, and production infrastructure. This overview is informational and does not create a separate warranty or service level commitment.
2. Authentication and sessions
DGS supports OAuth-based authentication and product sessions. Protected routes require an authenticated product session. Session cookies are intended to be HTTP-only and secure in production deployments, with route-continuity controls for sign-in flows.
3. Workspace separation
Workspace context, billing state, runs, and artifacts are scoped to the authorized workspace. Users are responsible for inviting only authorized members and managing access appropriately.
4. Payments
DGS uses Stripe-hosted checkout where configured. Payment status is reconciled by the backend before Flux is credited. DGS should not store full payment card numbers when using Stripe-hosted checkout.
5. Infrastructure and secrets
Production deployments should use managed cloud services, protected environment variables or secret stores, encrypted transport, controlled access, logging, and operational monitoring. Public launch configurations should avoid storing sensitive secrets directly in source code.
6. Incident contact
Suspected security issues should be reported through the product or to legal@dgsengine.com. Do not publicly disclose vulnerabilities until DGS has had a reasonable opportunity to investigate and remediate.
7. No certification claim
Unless expressly stated in a signed agreement or official security report, DGS does not claim SOC 2, ISO 27001, HIPAA, PCI certification, or other formal certification.