In plain terms, customer data is something we carry through the life of the product: what comes in from integrations, what we derive for insight, and how long it still makes sense to keep. Retention and the exact shape of subsystems will change as we ship more. When we write it down for customers, it will match what we actually run.
Integrations should use scoped credentials where the platform allows. We want to avoid broad access when a narrower scope does the job. That goes for Ember talking to third-party tools and for how we split paths internally as the team grows.
Stronger separation between tenants is how we expect the platform to mature. We are not spelling out a tenancy design here because it is still in motion. Deeper architecture or trust notes will describe what we ship, not what we hoped for early on.
Logging and traceability matter for running the service well and for helping customers see what happened in an incident. We plan to improve operational visibility as Ember scales, as part of running something real, not as a tagline.