%20scale(0.112)'%20fill='%23F3EEE6'%3e%3crect%20width='187'%20height='36'%20rx='10'/%3e%3crect%20y='44'%20width='187'%20height='36'%20rx='10'/%3e%3crect%20x='27'%20y='88'%20width='187'%20height='36'%20rx='10'/%3e%3crect%20y='132'%20width='187'%20height='36'%20rx='10'/%3e%3c/g%3e%3c/svg%3e){kind=small}
%20scale(0.112)'%20fill='%23F4F8FC'%3e%3crect%20width='187'%20height='36'%20rx='10'/%3e%3crect%20y='44'%20width='187'%20height='36'%20rx='10'/%3e%3crect%20x='27'%20y='88'%20width='187'%20height='36'%20rx='10'/%3e%3crect%20y='132'%20width='187'%20height='36'%20rx='10'/%3e%3c/g%3e%3c/svg%3e){kind=small}
Authenticated workspace
Client deadline operations live in the app workspace, not the public marketing sitemap.
SECURITY
Deadline risk workflows need security boundaries and evidence boundaries.
DueDateHQ separates public marketing pages from the authenticated app, keeps client operations behind the SaaS app domain, and designs deadline changes around reviewable source evidence.
This page summarizes product and operational security posture. Detailed security reviews are handled with the DueDateHQ team.
Last reviewed:
APP BOUNDARY
The public site and SaaS app have different roles.
The marketing domain is for public discovery. The app domain is for authenticated practice work, tenant data, and operational actions.
Tenant-aware API
Server procedures run through session, firm-access, tenant, and rate-limit middleware before protected business actions.
No client data in SEO pages
Public pages explain product behavior and examples; they do not expose practice client records.
OPERATIONAL CONTROLS
Evidence and audit trails are part of the control model.
Deadline changes should be explainable. DueDateHQ keeps source context, reviewer state, and action history close to the workflow.
Source evidence
Rules and alerts preserve source URL, excerpt, verification timestamp, and review status.
Human approval
Candidate changes route through review before they become firm operations.
Reversible actions
Apply, undo, and revert paths are designed for reviewable operational history.
Need a security review?
Contact the team for deployment, data handling, and security review questions.