Security posture

The new platform uses Supabase Auth, Postgres row-level security, private storage buckets, and service-restricted billing and job mutation paths.

Encounter processing is queue-based. The web app writes intent, while the worker performs transcription and note generation with provider metadata captured on each job.

Audit-oriented tables exist for workspace events, billing synchronization, and processing failures so operational review no longer depends on ad hoc logs.