Security Overview
Security model
Phantom Ledger uses tenant-scoped object keys, authenticated access, Argon2 password hashing, CSRF protection, signed Stripe webhooks, private production storage, HTTPS requirements, security headers, and tamper-evident audit events.
Document controls
Uploads are checked for extension, content signature, size, duplicate hash, ZIP expansion, and tenant isolation. The optional ClamAV and OCR services are reported honestly in the readiness status.
Evidence integrity
Source SHA-256 hashes, report manifests, HMAC signatures, page references, scoring reasons, and event-chain hashes preserve traceability.
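A minimal sketch of how event-chain hashes and HMAC signatures make audit events tamper-evident. This is an added example, not Phantom Ledger's own code; the field names, the genesis value, the canonical-JSON encoding and the demo key are all assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed anchor value for the first event


def _digest(prev_hash: str, payload: dict) -> str:
    # Canonical JSON so the same event always hashes to the same bytes.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append_event(chain: list, payload: dict, key: bytes) -> dict:
    """Link a new event to the previous one and sign the link."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    event_hash = _digest(prev_hash, payload)
    sig = hmac.new(key, event_hash.encode(), hashlib.sha256).hexdigest()
    entry = {"payload": payload, "prev": prev_hash, "hash": event_hash, "sig": sig}
    chain.append(entry)
    return entry


def verify_chain(chain: list, key: bytes) -> int:
    """Return -1 if the chain is intact, else the index of the first bad entry."""
    prev_hash = GENESIS
    for i, entry in enumerate(chain):
        expected = _digest(prev_hash, entry["payload"])
        expected_sig = hmac.new(key, expected.encode(), hashlib.sha256).hexdigest()
        if entry["prev"] != prev_hash or entry["hash"] != expected:
            return i
        if not hmac.compare_digest(entry["sig"], expected_sig):
            return i
        prev_hash = expected
    return -1


def demo() -> tuple:
    key = b"constructed-demo-key"  # constructed; a real key lives in a secret store
    chain = []
    doc_hash = hashlib.sha256(b"constructed sample document").hexdigest()
    append_event(chain, {"action": "upload", "tenant": "t1", "sha256": doc_hash}, key)
    append_event(chain, {"action": "score", "tenant": "t1", "page": 3}, key)
    append_event(chain, {"action": "export", "tenant": "t1"}, key)
    intact = verify_chain(chain, key)
    chain[1]["payload"]["page"] = 4  # simulate an edit to a stored event
    return intact, verify_chain(chain, key)
```

A chain of this kind detects edits and reordering, but not removal of the newest entries, unless the latest hash is also recorded somewhere the event store cannot rewrite.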
Abuse controls
Evaluation access uses one-way hashed locks, configurable Turnstile verification, and database-backed application rate limits. Raw evaluation IP addresses are not persisted.
Incident reporting
Security concerns should be sent to the configured legal or privacy contact. Production sale remains blocked until those contacts are configured.