Security
Last updated: February 27, 2026
Our Commitment
Security is foundational to BrandStudio. We handle sensitive data — photos, face recognition data, guest information — and we take that responsibility seriously. Here's how we protect it.
Data Encryption
In Transit
All communication between clients and our API uses HTTPS with TLS 1.2 or newer. HSTS headers instruct browsers to use HTTPS for every subsequent connection, so a downgrade to plain HTTP is refused on the client side. WebSocket connections use WSS (WebSocket over TLS).
At Rest
Photos are stored on Cloudflare R2 with server-side encryption. Face recognition embeddings are encrypted with Fernet symmetric authenticated encryption (AES-128-CBC with an HMAC-SHA256 tag, so a modified ciphertext is rejected rather than decrypted). Sensitive company credentials (Twilio tokens, Postmark keys) are stored encrypted in the database rather than in plain text.
Passwords
User passwords are hashed with bcrypt (cost factor 12). We never store, log, or transmit plain-text passwords.
Access Control
- Role-based access: 7-tier role hierarchy (Owner, Admin, Event Manager, Photographer Lead, Photographer, Assistant, Client), each role with its own permission set
- JWT authentication: Stateless tokens with configurable expiration
- Two-factor authentication: TOTP-based 2FA, with single-use backup codes, is available on every account
- Event-level permissions: Team members can have different roles per event
- API rate limiting: Enforced on all sensitive endpoints to prevent abuse
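The TOTP and backup-code mechanics above, as an added example in pure standard-library Python; this is illustrative code, not BrandStudio's implementation. The parameters (6 digits, 30-second steps, one step of clock drift, 8 backup codes, PBKDF2 for the backup-code hashes) are assumptions, as is the per-account state layout. It shows two details the bullet does not: a code that was already accepted is refused if replayed inside the drift window, and backup codes are stored only as salted hashes and consumed on use.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import List, Optional, Tuple

# Assumed parameters (not published by BrandStudio): defaults used by most
# authenticator apps, per RFC 6238 with HMAC-SHA1.
DIGITS = 6
STEP_SECONDS = 30
DRIFT_STEPS = 1            # accept one step of clock skew either side
BACKUP_CODE_COUNT = 8
KDF_ROUNDS = 100_000

# RFC 6238 Appendix B test secret, exposed so callers can check known vectors.
RFC6238_TEST_SECRET = base64.b32encode(b"12345678901234567890").decode()


def generate_totp_secret() -> str:
    """160-bit random secret, base32-encoded for authenticator enrolment."""
    return base64.b32encode(secrets.token_bytes(20)).decode().rstrip("=")


def totp_code(secret_b32: str, at_time: float, digits: int = DIGITS,
              step: int = STEP_SECONDS) -> str:
    """HOTP(K, floor(T / step)) as in RFC 4226 / RFC 6238, HMAC-SHA1."""
    padded = secret_b32 + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded, casefold=True)
    counter = int(at_time // step)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    truncated = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{truncated % 10 ** digits:0{digits}d}"


class TwoFactorAccount:
    """Per-account 2FA state: TOTP secret, last accepted step, backup-code hashes."""

    def __init__(self, secret_b32: Optional[str] = None):
        self.secret = secret_b32 or generate_totp_secret()
        self.last_counter = -1              # highest step already used; blocks replay
        self.backup_hashes: List[Tuple[bytes, bytes]] = []   # (salt, pbkdf2 hash)

    @staticmethod
    def _kdf(code: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, KDF_ROUNDS)

    def issue_backup_codes(self, count: int = BACKUP_CODE_COUNT) -> List[str]:
        """Return fresh plaintext codes once; only salted hashes are retained."""
        codes = []
        self.backup_hashes = []             # issuing a new set invalidates the old one
        for _ in range(count):
            code = secrets.token_hex(5)     # 40 bits of entropy, shown to the user once
            salt = secrets.token_bytes(16)
            self.backup_hashes.append((salt, self._kdf(code, salt)))
            codes.append(code)
        return codes

    def verify_totp(self, code: str, now: Optional[float] = None) -> bool:
        """Accept a code for the current step or one step either side, once only."""
        now = time.time() if now is None else now
        base = int(now // STEP_SECONDS)
        for drift in range(-DRIFT_STEPS, DRIFT_STEPS + 1):
            counter = base + drift
            expected = totp_code(self.secret, counter * STEP_SECONDS)
            if hmac.compare_digest(expected.encode(), code.encode()):
                if counter <= self.last_counter:
                    return False            # replay of a code already consumed
                self.last_counter = counter
                return True
        return False

    def verify_backup(self, code: str) -> bool:
        """Consume a backup code; each one works exactly once."""
        for i, (salt, stored) in enumerate(self.backup_hashes):
            if hmac.compare_digest(self._kdf(code, salt), stored):
                del self.backup_hashes[i]
                return True
        return False


if __name__ == "__main__":
    acct = TwoFactorAccount(RFC6238_TEST_SECRET)
    print("TOTP at T=59:", totp_code(RFC6238_TEST_SECRET, 59))
    print("backup codes:", acct.issue_backup_codes())
```

The replay guard matters because a code stays valid for up to three steps (90 seconds here); without recording the last accepted step, a phished or shoulder-surfed code can be reused during that window.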
Face Recognition Privacy
Face recognition is a sensitive capability. Our safeguards:
- Face recognition is opt-in per event — it's never enabled by default
- Guests can opt out of face matching at any time
- Face embeddings are numeric feature vectors, not photographs. Reconstructing a recognisable face from an embedding is hard but has been demonstrated in research, which is why we treat embeddings as sensitive biometric data rather than relying on the embedding format alone to protect identity
- All embeddings are encrypted at rest with Fernet encryption
- Face data can be deleted at any time through the admin dashboard
- We do not use face data for any purpose other than matching photos to registered guests at your events
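An added example of the at-rest protection described in the Data Encryption section and repeated above: encrypting a face embedding with Fernet from the Python cryptography library. This is illustrative code, not BrandStudio's implementation; the vector length (128 float32 values), the key-handling class and the helper names are assumptions. It demonstrates what the prose asserts about Fernet: a ciphertext with a single flipped byte fails its HMAC-SHA256 check and is refused instead of yielding garbage, and MultiFernet lets stored embeddings be re-encrypted under a new key without a flag day.

```python
import array
import base64
from typing import Iterable, List, Optional, Sequence

from cryptography.fernet import Fernet, InvalidToken, MultiFernet

# Assumed embedding size; real models use various dimensions.
EMBEDDING_DIM = 128
# Fernet token layout before the ciphertext: version byte, 64-bit timestamp, 16-byte IV.
HEADER_LEN = 1 + 8 + 16


def new_key() -> bytes:
    """Fresh 32-byte Fernet key (16 bytes signing, 16 bytes encryption), base64-encoded."""
    return Fernet.generate_key()


def serialize_embedding(vec: Sequence[float]) -> bytes:
    """Pack the vector as native float32 so the ciphertext stays compact."""
    if len(vec) != EMBEDDING_DIM:
        raise ValueError(f"expected {EMBEDDING_DIM} dimensions, got {len(vec)}")
    return array.array("f", vec).tobytes()


def deserialize_embedding(raw: bytes) -> List[float]:
    a = array.array("f")
    a.frombytes(raw)
    return a.tolist()


class EmbeddingVault:
    """Encrypts with the first key and decrypts with any listed key.

    Listing [new_key, old_key] during a rotation keeps old rows readable while
    rotate() rewrites them under the new key.
    """

    def __init__(self, keys: Iterable[bytes]):
        self._fernet = MultiFernet([Fernet(k) for k in keys])

    def seal(self, vec: Sequence[float]) -> bytes:
        return self._fernet.encrypt(serialize_embedding(vec))

    def open(self, token: bytes) -> List[float]:
        # Raises InvalidToken if the HMAC does not verify or no key matches.
        return deserialize_embedding(self._fernet.decrypt(token))

    def rotate(self, token: bytes) -> bytes:
        """Re-encrypt a token under the primary key; verifies the old tag first."""
        return self._fernet.rotate(token)


def tamper_token(token: bytes, index: int = HEADER_LEN) -> bytes:
    """Flip one ciphertext byte (constructed attack input) and re-encode the token."""
    data = bytearray(base64.urlsafe_b64decode(token))
    data[index] ^= 0x01
    return base64.urlsafe_b64encode(bytes(data))


def decrypt_or_none(vault: EmbeddingVault, token: bytes) -> Optional[List[float]]:
    """What a service layer should do: treat an authentication failure as no data."""
    try:
        return vault.open(token)
    except InvalidToken:
        return None


if __name__ == "__main__":
    key = new_key()
    vault = EmbeddingVault([key])
    token = vault.seal([i / 8 for i in range(EMBEDDING_DIM)])
    print("token bytes:", len(token))
    print("tampered token decrypts to:", decrypt_or_none(vault, tamper_token(token)))
```

Because Fernet tokens also carry a timestamp, the same key material can enforce a maximum age via the ttl argument to decrypt; for data at rest that is usually left unset and retention is handled by deletion instead.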
Infrastructure
- Application hosting: Railway (US data centers, SOC 2 Type II)
- Photo storage: Cloudflare R2 (global edge network, S3-compatible)
- Database: PostgreSQL with encrypted connections
- CDN: Cloudflare with DDoS protection
- Payments: Stripe (PCI DSS Level 1 certified) — we never handle card numbers
Audit Logging
All significant actions are logged in our audit system, including:
- Authentication events (login, logout, password changes)
- Team member changes (invites, role updates, removals)
- Data modifications (event creation, photo deletion, settings changes)
- Face recognition operations (enabling, processing, deletion)
Vulnerability Disclosure
If you discover a security vulnerability, please report it responsibly. Contact us at security@brandstudiohq.com. We will acknowledge your report within 48 hours and work to resolve confirmed vulnerabilities promptly.
Please do not publicly disclose vulnerabilities before we've had a chance to address them.
Questions
Security questions? Contact us at security@brandstudiohq.com.