Value Lab — Security Overview (Draft)

**Last updated:** 2025-12-25

**Audience:** Library partners (procurement) and IT/security reviewers

> This is a draft overview. It should be reviewed and updated to reflect your final infrastructure, vendors, and security posture.


1) High-level approach

Value Lab is designed with:

  • role-based access controls (student / organization / admin)
  • a moderated marketplace workflow (draft → review → publish)
  • audit logging for key marketplace actions, with planned expansion to other admin actions
  • minimal data collection for learning progress and submissions

2) Authentication & access control

  • **Authentication**: handled via Clerk.
  • **Roles**: the user's role is checked server-side on every protected route and API (e.g., admin-only endpoints), not trusted from the client.
  • **Least privilege**: organization and admin functions require explicit role checks.

3) Exposure moderation controls

Submissions are not public by default.

  • Users can save a **draft**
  • Users can **submit for review** (status `under_review`)
  • Only admins can **publish** (status `published`)
  • Admins can **reject** (status `rejected`) with a reason
  • Users can **unpublish** their own published submission (status `unpublished`)

4) Auditability / logging

Value Lab records an activity log for marketplace status changes (publication, rejection, unpublish, archive).

Recommended enhancements (in progress):

  • a general audit log for admin actions beyond marketplace (e.g., feedback triage)
  • retention and export for audit logs (partner-dependent)

5) Data handling & privacy

For a procurement-oriented summary of what data we collect and why, see:

  • `marketing_materials/Privacy_Policy.md`
  • `marketing_materials/Data_Retention_and_Deletion.md`

6) Incident response (recommended)

For library readiness, we should maintain:

  • a security contact channel
  • internal incident response procedures (triage, containment, notification)
  • a change log for security-impacting releases