CEMFORGE

Data Handling

Effective 2026-06-08. This page describes the current CEMFORGE gateway behavior.

Storage boundary

The gateway stores wallet, payment, compliance, and operational usage metadata. It does not store full formulation request payloads or returned formulations by default. Customer-held trace IDs are the default reproducibility receipt.

Security controls

  • Platform secret stores for provider keys and webhook secrets.
  • Hashed API keys and device tokens; plaintext shown once only.
  • Signed Stripe webhook verification and event idempotency.
  • Trade-compliance attestation and CSL screening before API activation.
  • Operator routes protected by the operator key and designed to return redacted status.

Traceability

Responses include LOGiMIX trace and fingerprint metadata so customers can compare stable formulation fingerprints across the same public model release and Open3DCP schema without requiring Sunnyday to retain customer payloads.

Incident response

If a secret may be exposed, Sunnyday rotates affected credentials, verifies service health, and records the incident without storing secret values in tickets or public artifacts.