This dashboard reflects the platform's security posture as of the date shown. The control checklist is maintained by the security team; the table count and MFA status are read live from Supabase and are best-effort (they degrade gracefully if unavailable). Pending items are tracked on the compliance roadmap. For the full penetration-test scope, see PENTEST_SCOPE.md in the repository.