Security Overview

1. Architecture boundary

• Core payroll processing runs in local browser extension runtime.
• SIF preparation and validation execute without remote payroll parsing by default.
• Operational services are separated by domain and function.

2. Network surface

Extension network calls are limited to licensing and checkout service domains required for activation and payment workflows. Payroll workbook data is not uploaded by default extension flows.

3. Security controls

• Least-privilege browser permission model.
• Endpoint allowlist and fail-closed configuration handling.
• Release hardening with automated pre-submission checks.

4. Shared responsibility

Product controls do not replace enterprise endpoint security, identity governance, or legal compliance obligations of the operator organization.

5. Contact

Security inquiries: support@starwealthdynamics.org