Built like the brand pages it ships.
Calm engineering, careful defaults, and zero shortcuts on the things that protect creator data.
Encrypted in transit and at rest
TLS 1.3 for every request. Database, storage and backups encrypted with AES-256.
Server-side entitlement checks
Every billing or feature gate runs on the server. The client is never trusted.
Row-Level Security on every table
Postgres RLS is enabled on day one — even during development. No exceptions.
Token-scoped private shares
Private creator pages issue short-lived tokens with passphrase gates.
Country-level access controls
Creators can restrict their pages to specific countries with edge-evaluated rules.
Quarterly third-party audit
We schedule independent reviews of our auth, billing, and storage flows every quarter.
Audit log for every sensitive action
Sign-ins, password changes, page visibility changes, and admin actions are append-only.
Verified outbound email
DKIM, SPF and DMARC aligned. Bounce and complaint handling on every send.
Compliance posture
Practical, transparent, and honest about where we are on the journey.
GDPR
Compliant. Data subject requests handled within 30 days.
CCPA
Compliant. Sale opt-out is irrelevant — we never sell user data.
SOC 2 Type II
In progress. Targeting completion before public launch.
Ready to look the part?
Build a brand-ready kit in five minutes. Free forever — upgrade when you book.