Governance
Security, privacy and responsible operations.
Enterprise platforms need governance. HMG v7 documents practical controls using free tools.
Access Control
Admin login goes through Supabase Auth. Recommended production policy: restrict writes to approved admin IDs.
Data Minimization
Do not store sensitive learner records in public CMS pages. Use backup keys carefully.
Audit Logs
Admin actions are logged locally and, optionally, to a Supabase audit table.
Backups
CMS JSON export, local JSON export, Supabase backup and Git version control.
No Paid AI API
No student data is sent to paid AI APIs. Human educators control content and decisions.
Incident Response
Export data, rotate Supabase keys if needed, unpublish affected pages and redeploy static files.