Security & Compliance

Enterprise-grade security at every layer. Encryption at rest, tenant isolation, GDPR compliance, and full audit trails built in from day one.

SOC 2 Ready

Logical access controls and audit trails

GDPR Compliant

Data export, deletion, and consent management

Apache 2.0

Open-core — audit the source code yourself

Authentication & Encryption

Industry-standard authentication and encryption at every layer.

  • Dual authentication: JWT bearer tokens + hashed API keys
  • bcrypt password hashing with per-user salts
  • Fernet (AES-128-CBC + HMAC-SHA256) encryption for OAuth tokens at rest
  • Secure token refresh and revocation

Role-Based Access Control

Fine-grained permissions ensure the right people have the right access.

  • 4-tier role hierarchy: Owner → Admin → Member → Viewer
  • 26 granular permissions across all platform features
  • Kill switch restricted to Owner role only
  • Data export and audit restricted to Admin and above

GDPR Compliance

Full compliance with EU data protection regulations.

  • Data export — Article 20 (Right to Data Portability)
  • Data deletion — Article 17 (Right to Erasure)
  • Consent management — Article 7 (Consent Recording & Status)
  • Complete data lineage and processing records

Audit Trail

Every action is logged, attributed, and auditable.

  • Full operation logging with user ID, tenant ID, and timestamp
  • Financial audit entries with platform, amount, currency, and utilization
  • Fire-and-forget persistence for zero-impact audit logging
  • Queryable audit history for compliance reviews

Visual IP Protection

AI-generated video is scanned for intellectual property issues before delivery.

  • GPT-4o Vision keyframe analysis for every generated video
  • Celebrity likeness, copyright, and trademark detection
  • Conservative policy — ambiguous content is blocked
  • Temporary keyframe processing with automatic cleanup

Multi-Tenant Isolation

Your data never mixes with other organizations.

  • tenant_id scoping on all database tables
  • Query-level isolation — no cross-tenant data access
  • Qdrant vector collections namespaced per tenant
  • No superuser bypass of tenant scoping

SOC 2 Readiness

Built with SOC 2 compliance requirements in mind.

  • Logical access controls implemented
  • User authentication and authorization enforcement
  • 26 granular permissions in RBAC
  • Complete audit trail and change management
Trust

Built for Trust

Security isn't a feature we added — it's how we built the platform.

Your data. Your control.

Self-host on your infrastructure or trust our enterprise cloud with SOC 2 readiness.

Get Started Free

14-Day Trial · Includes $50 in AI Video Credits · No Credit Card Required