No name, email, phone, or address may appear in any table outside GemStok Supabase. This is the privacy boundary that makes GDPR and RTBF manageable forever.

stone_events in TraceGems has NO UPDATE and NO DELETE policy. INSERT only. The audit chain is the platform moat. Never add update or delete policies.

The service_role key never goes to the client. Frontend uses anon key only. stone_events writes are backend service role only.

All stone images are served via Cloudflare CDN. Direct Supabase Storage URLs are never stored or served.

The 7-day cooling period after KYC approval is non-negotiable. It prevents credential laundering and cannot be waived by admin.

Fraud flag reputation penalties (-20 points) are permanent. Admin has no reversal interface. This is by design — it is what makes the score meaningful.

GS-000001 member IDs and MKV-XXXX stone IDs are permanent. Never change. Never recycled.

Polygon anchoring is NOT NFT issuance. No tradeable digital tokens issued. This design decision is permanent and cannot be reversed.