General
Startup MVP baseline
Lightweight MFA, rate limits, and PII masking — ship fast without leaving compliance behind.
What this package does
A minimal governance baseline for startups and MVPs that need to move fast but don't want compliance debt. MFA on all sessions, sensible rate limits to prevent abuse, PII masking before logs, and a 90-day audit trail. Start here and upgrade to an industry-specific package when you're ready.
Designed for
- Early-stage startups shipping AI features
- MVPs and prototypes with real users
- Founders who want a compliance starting point
What's included
- MFA on all sessions (30-minute grace)
- Rate limit: 300 req/min per endpoint
- PII masking before any log destination
- 90-day audit trail (upgrade to extend)
Controls in this bundle
Profile tiers
Switch profiles in Studio to retune default thresholds across the whole bundle without rewriting any control by hand. This package ships at the recommended profile; anything you've already tightened by hand is preserved on switch.
Every control in this package uses identical parameters across all four profiles, so switching profiles in Studio has no effect here.
Attestation
The canonical hash of these bundle bytes is sha256:36ef52cbd13f96857bf9397d6b74fc0b48e48537f7b75ae4af0694d5fb3087f6. The same hash is computed at lock time, at Stripe checkout, and again on the runtime side before any byte is honored.
Want to customize first? Opening this package in Studio prefills the canvas with the 5 controls above. You can add, remove, or retune any of them before you lock the hash and pay.