Security Policy
Last updated: July 1, 2026
1. How Data Is Protected
We prioritize the protection of your studio's creative IP. Our defensive layers include:
- Strict Row Level Security (RLS) enabled on all PostgreSQL database tables.
- Automated vulnerability scanning and dependency updates.
- Firewalls and Virtual Private Cloud (VPC) isolation for core database infrastructure.
2. Authentication
We implement secure session management and authentication protocols:
- Hashing of passwords using bcryptjs with strong salt factors.
- JWT-based session verification with short expiration windows.
- Support for OAuth 2.0 third-party authentications (Google, Discord, etc.).
3. Encryption
Encryption protects your data during storage and transfer:
- In Transit: Forced HTTPS using TLS 1.3 cryptography.
- At Rest: Full-disk storage encryption using AES-256 standards.
- Integrations: Secret keys and passwords are encrypted using database-level pg_crypto functions.
4. Backups
To prevent data loss, we run robust recovery policies:
- Nightly automated database snapshots.
- Multi-region redundant copies of media assets in secure storage buckets.
- Continuous monitoring of backup integrity and recovery runbooks.
5. Infrastructure
Our servers are hosted in high-availability data centers managed by leading cloud providers (AWS and Supabase):
- Primary servers located in Frankfurt/Dublin (EU West) regions.
- Global content delivery network (CDN) edge routing.
- Physical security controls at data centers conforming to ISO 27001 standards.
6. Responsible Disclosure Contact
We welcome security researchers. If you identify a vulnerability, please disclose it to us responsibly by contacting:
Email: security@studio-os.cloud