Trust Center
BrandStudio handles event photos, guest information, and face recognition data. We take that responsibility seriously. This is the single place to see how we protect your data — and your client's.
Last updated: July 3, 2026
Encrypted in transit and at restFace data encrypted, opt-out anytimeTwo-factor authentication availableGDPR & CCPA deletion supportedSOC 2 program in progress
Security
- Encryption everywhere: TLS 1.2+ in transit, server-side encryption at rest on Cloudflare R2, Fernet encryption for face embeddings.
- Authentication: bcrypt password hashing, JWT tokens, optional two-factor authentication with backup codes.
- Access control: 7-level role hierarchy, company-scoped data isolation, rate limiting on all sensitive endpoints.
- Infrastructure: Railway (SOC 2 Type II), Cloudflare R2 and CDN, Vercel edge network, Stripe (PCI DSS Level 1) for payments.
Privacy
- Minimal data collection: we collect only what we need to deliver event photos to guests.
- No selling data: we never sell personal information to third parties.
- Face recognition: operators can disable it per event with one toggle, and guests can opt out independently. Embeddings are encrypted at rest, isolated per company, and deletable anytime.
- Analytics: PostHog for product analytics; the marketing site runs in cookieless mode.
- Data deletion: delete your data from the dashboard or email us. We honor all deletion requests.
Compliance
- SOC 2: BrandStudio itself is not yet SOC 2 certified — our compliance program is in progress. Our underlying infrastructure providers (Railway, Cloudflare, Stripe) hold their own SOC 2 certifications.
- GDPR: we support data portability and deletion requests for EU users.
- BIPA/CCPA: face recognition follows biometric data protection requirements — notice-and-opt-out per event, encrypted storage, company-isolated embeddings, full erase on request.
- DPA: we offer a Data Processing Agreement for customers who need one. Request a copy at security@brandstudiohq.com.
Data handling
- Photo storage: Cloudflare R2 (S3-compatible) with global edge delivery.
- Database: PostgreSQL on Railway with encrypted connections and automated backups.
- Company isolation: each company's data is strictly separated. No cross-account access.
- Audit logging: logins, team changes, data deletion, and face recognition actions are logged.
- Face Match runs in-house: we never send face data to an outside recognition service.
Sub-processors
The complete, current list of third-party services we rely on — what each one does and the data it touches. Kept current for security and procurement review.
View the full listReport a vulnerability
Found a security issue? Email security@brandstudiohq.com. We acknowledge reports within 48 hours and fix confirmed vulnerabilities as fast as possible.
Questions
Security or privacy questions — or a procurement review that needs answers? Email security@brandstudiohq.com or use the contact form. A real person replies.