Security

We take the security of your data seriously. Here's how we protect your account and content.

Encryption in Transit

All data transmitted between your browser and our servers is encrypted using TLS 1.3 (SSL). Your connection is secured end-to-end.

Encrypted Storage

All sensitive data at rest is encrypted. Passwords are hashed with bcrypt (cost factor 12) — never stored in plain text.

Secure Infrastructure

Deployed on Vercel with enterprise-grade cloud security. DDoS protection, CDN-level caching, and automatic threat detection.

Authentication

JWT-based sessions with 7-day expiry. HttpOnly session management. Rate limiting on auth endpoints prevents brute-force attacks.

Access Controls

Role-based access control. Employees do not have access to user data unless required for support. All access is logged.

Vulnerability Management

We run automated security scanning on our codebase. Dependencies are kept up to date. Known vulnerabilities are patched within 48 hours.

Compliance & Standards

GDPR compliant — EU data subject rights supported

Australian Privacy Act 1988 compliant

SOC 2 Type II controls in place for infrastructure

PCI-DSS compliant payment processing via Stripe

Regular third-party penetration testing

Payment Security

All payment processing is handled by Stripe, a PCI-DSS Level 1 certified payment processor. Your full credit card number is never stored on our servers — only a secure token from Stripe.

We support Visa, Mastercard, American Express, and Apple Pay. All transactions are encrypted and processed through Stripe's secure infrastructure.

Report a Vulnerability

If you discover a security vulnerability, please report it to security@ugcstudio.com with details. We respond to all reports within 24 hours and aim to resolve critical issues within 72 hours. For qualifying vulnerabilities, we offer recognition in our security hall of fame.

Report a Vulnerability