Security at ScriptMotion

We take the security of your data, content, and brand assets seriously. Here's how we protect your information.

Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Database connections use SSL. API keys and secrets are stored in encrypted vaults.

Access Controls

Role-based access control (RBAC) at the brand level. Row Level Security (RLS) policies on every database table ensure multi-tenant isolation.

Infrastructure

Hosted on Supabase (backed by AWS). SOC 2 Type II compliant infrastructure. Automated backups with point-in-time recovery.

Incident Response

Documented incident response procedures with defined severity levels. Breach notification within 72 hours per GDPR requirements.

Authentication

Supabase Auth with secure session management. Support for email/password and OAuth providers. Rate limiting on all authentication endpoints.

Data Handling

AI model requests contain only the minimum data needed for generation. Generated content is stored in isolated, per-organization storage buckets.

Responsible AI

We work with established AI model providers (Google, OpenAI, Runway, Kling AI) who maintain their own safety filters and content policies. ScriptMotion enforces additional content guidelines through our Acceptable Use Policy.

Vulnerability Disclosure

If you discover a security vulnerability, please report it responsibly to security@scriptmotion.ai. We investigate all reports and aim to acknowledge receipt within 24 hours.

Compliance

ScriptMotion is designed with GDPR and data protection in mind. We offer a Data Processing Agreement for business customers. Our infrastructure providers maintain SOC 2 Type II, ISO 27001, and other relevant certifications.