Unified data.
Operational clarity.
Stronger outcomes.

Salsation Data Cloud is the internal command layer for commerce, marketing, finance, operations, and community intelligence across the Salsation ecosystem.

Security posture

Admin-created users only, explicit server-side authorization, and audit logging for privileged actions are required platform rules.

Internal access

Welcome back

Sign in is now active for admin-created internal users. This route issues an HTTP-only session cookie and the API validates permissions on every protected request.

Local development requires seeded credentials. Set `SEED_SUPER_ADMIN_EMAIL` and `SEED_SUPER_ADMIN_PASSWORD`, run the migration script, then sign in with that account.

Data freshness

Authentication and RBAC are live. Commerce, marketing, and finance data still depend on later sync and metrics phases.

Session scope preview

Admin-created users only

Server-side auth and RBAC enforced

Audit logs for sensitive admin writes

Protected shell

What Build Order 2 adds

The application now has a real protected shell, role-aware navigation, an admin users screen, and permission-aware blocking for unauthorized users.

Session

HTTP-only cookie-backed authentication for internal users

Permissions

Server-side guards on auth, admin, and audit endpoints

Audit logs

Sensitive admin writes produce audit records in PostgreSQL

Operational rules

Non-negotiable platform constraints

The new auth layer is built to preserve the platform rules that later dashboards and integrations must respect.

Finance data must stay permission-gated.
Warehouse and collection logic must be database-driven.
Dashboard APIs must expose freshness and quality warnings.
Sync jobs and admin writes must leave audit trails.

Seeded access

Super admin bootstrap

Build Order 2 includes migration-based RBAC seeds plus an env-driven super admin bootstrap so the platform can be entered without public signup.

Still deferred

No fake dashboards