Compliance

Role matrix

This matrix defines the intended responsibility split for least-privilege reviews and access governance.

End user

Own data and workspaces

Tenant-scoped to the active organization.

Organization admin

Members, invites, billing, and org settings

Requires MFA step-up.

Support operator

Support tickets and compliance requests

Access should be audited and limited.

Compliance owner

DSAR, retention, DPIA, and breach handling

Owns evidence updates.

System operator

Health, queue, backups, and incidents

Least-privilege operational access.