Security is part of the main flow, not an afterthought. Video privacy, order isolation, and safe secret handling are core system requirements.
Videos live in a private Supabase bucket and are resolved through opaque tokens.
Customer viewer links are scoped to a single order and can require secondary verification.
Supabase row-level security limits data visibility to organization members.
Station locking prevents two packers from capturing evidence for the same order at once.
ShipStation keys and plugin secrets are encrypted at rest.
Webhook and callback flows use signed or secret-backed verification to reject forged requests.