Security

Built to be trusted

Your footage is your business. We treat it that way.

Encryption

All data is encrypted in transit with TLS 1.2+. Files stored in Cloudflare R2 are encrypted at rest using AES-256. Passwords are hashed with bcrypt and never stored in plain text.

Access Controls

Role-based access inside workspaces. Each user only accesses data they're authorized to see. API tokens are scoped per workspace. Admin endpoints require a separate owner credential.

Authentication

Short-lived access tokens (1 hour) paired with long-lived refresh tokens (30 days). Tokens are stored hashed in Redis and invalidated on logout. Rate limiting prevents brute-force attacks.
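A sketch of the token handling described above, added here as an illustration and not NewFramez's own code. It assumes SHA-256 as the token hash and uses an in-memory dict in place of Redis; the class and function names are hypothetical.

```python
import hashlib
import secrets
import time

ACCESS_TTL = 60 * 60              # 1 hour (from the page)
REFRESH_TTL = 30 * 24 * 60 * 60   # 30 days (from the page)


def digest(token: str) -> str:
    # Assumption: SHA-256. Tokens are 256-bit random values, so a fast
    # hash suffices; passwords are a different case and need bcrypt.
    return hashlib.sha256(token.encode()).hexdigest()


class TokenStore:
    """Dict standing in for Redis: key -> (user_id, session_id, expires_at)."""

    def __init__(self, clock=time.time):
        self._rows = {}
        self._clock = clock

    def issue(self, user_id):
        """Mint an access/refresh pair; only digests are kept server-side."""
        session_id = secrets.token_hex(8)
        pair = {}
        for kind, ttl in (("access", ACCESS_TTL), ("refresh", REFRESH_TTL)):
            pair[kind] = secrets.token_urlsafe(32)
            key = f"{kind}:{digest(pair[kind])}"  # kind prefix: no cross-use
            self._rows[key] = (user_id, session_id, self._clock() + ttl)
        return pair

    def verify(self, kind, token):
        """Return the user id for a live token of this kind, else None."""
        key = f"{kind}:{digest(token)}"
        row = self._rows.get(key)
        if row is None:
            return None
        if self._clock() >= row[2]:
            del self._rows[key]  # in Redis, a key TTL would do this
            return None
        return row[0]

    def logout(self, kind, token):
        """Drop every token of the presenting session (assumed grouping)."""
        row = self._rows.get(f"{kind}:{digest(token)}")
        if row is None:
            return False
        self._rows = {k: v for k, v in self._rows.items() if v[1] != row[1]}
        return True
```

Because only digests are stored, a dump of the store does not yield usable tokens, and the kind prefix keeps an access token from being accepted where a refresh token is expected.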

Rate Limiting

Auth endpoints enforce per-IP and per-email rate limits to prevent credential stuffing. File upload endpoints enforce workspace-level limits. All abuse patterns are logged and alerted.

Infrastructure

Hosted on Cloudflare (CDN + DDoS mitigation), Vercel, and Railway with network-level isolation. No plaintext credentials in source code. Secrets are stored as environment variables and never committed to version control.

Audit Logging

All sensitive operations (logins, file access, permission changes, billing events) are logged with timestamps and IP addresses. Logs are retained for 90 days.

Responsible Disclosure

If you discover a security vulnerability in NewFramez, please report it to us before public disclosure. We'll investigate promptly, keep you updated, and credit you for your find.

Please allow up to 72 hours for an initial response. Do not disclose publicly until we've had a chance to address the issue.