VolteraForge

Last updated: July 8, 2026

Security Overview

Security foundations and current production boundaries.

This is practical product policy copy for V1 readiness and is not formal legal advice. Qualified legal review is recommended before broad paid public launch.

Current Safeguards

VolteraForge uses authenticated contractor workspaces, active-company scoping, role-aware route guards, private drawing storage, protected file access routes, upload validation, checksum metadata, and audit logging.

Local and off-server database backups are configured, and a guarded non-production restore verification was completed on 2026-07-12 without touching production data. Health-check cron and a safe health endpoint are connected.

File Security

Drawing uploads support PDF, PNG, JPG/JPEG, and WEBP validation with size limits and checksum metadata. Public customer file downloads are not enabled by default.

Production ClamAV scanning is configured for new drawing uploads. Legacy unscanned files remain clearly labeled, and quarantine review automation remains future-only unless separately configured.

Audit And Monitoring Limits

New selected audit events include a tamper-evident hash-chain foundation. External WORM/KMS/notarized audit storage remains future-only.

External uptime alerting and error capture provider setup remain operational hardening items unless configured separately.