Security Policy

Last updated: July 1, 2026

1. How Data Is Protected

We prioritize the protection of your studio's creative IP. Our defensive layers include:

  • Strict Row Level Security (RLS) enabled on all PostgreSQL database tables.
  • Automated vulnerability scanning and dependency updates.
  • Firewalls and Virtual Private Cloud (VPC) isolation for core database infrastructure.

2. Authentication

We implement secure session management and authentication protocols:

  • Hashing of passwords using bcryptjs with strong salt factors.
  • JWT-based session verification with short expiration windows.
  • Support for OAuth 2.0 third-party authentications (Google, Discord, etc.).

3. Encryption

Encryption protects your data during storage and transfer:

  • In Transit: Forced HTTPS using TLS 1.3 cryptography.
  • At Rest: Full-disk storage encryption using AES-256 standards.
  • Integrations: Secret keys and passwords are encrypted using database-level pg_crypto functions.

4. Backups

To prevent data loss, we run robust recovery policies:

  • Nightly automated database snapshots.
  • Multi-region redundant copies of media assets in secure storage buckets.
  • Continuous monitoring of backup integrity and recovery runbooks.

5. Infrastructure

Our servers are hosted in high-availability data centers managed by leading cloud providers (AWS and Supabase):

  • Primary servers located in Frankfurt/Dublin (EU West) regions.
  • Global content delivery network (CDN) edge routing.
  • Physical security controls at data centers conforming to ISO 27001 standards.

6. Responsible Disclosure Contact

We welcome security researchers. If you identify a vulnerability, please disclose it to us responsibly by contacting:

Email: security@studio-os.cloud