Commitments

Security

How we protect your archive and your account.

Built on infrastructure that earns its place.

We chose every component of StudioNXT because it was the right choice for protecting artists' archives, not because it was the cheapest or the most convenient.

Here is a plain account of how the platform is secured and what that means for your work.

Your data is locked to your account.

Every piece of data you create in StudioNXT, every artwork, every voice session, every contact, every document, is locked to your account at the database level. No other user can read it. No one can query your archive without authenticated, verified access. This is not a setting. It is built into the structure of the database.

Even our own team cannot access your archive in the normal course of operating the service. Access to your data for support purposes requires explicit authorisation and leaves a record.

Stored in Europe.

Your files, images, recordings, and documents are stored in Google Firebase Storage in the European Union. Not on US servers. Not wherever is cheapest. In the EU, governed by European data protection law.

Your archive data is stored in Firestore, a database that enforces access rules at every read and write. The rules are written to ensure only you can access your data, and they are tested and reviewed regularly.

Protected in transit and at rest.

All data transmitted between your device and StudioNXT is encrypted over HTTPS. Your files are encrypted at rest in Firebase Storage. Authentication tokens are never stored in cookies or logged in error reports.

When you sign in, the session is managed by Firebase Authentication, one of the most widely deployed authentication systems in the world. We do not store your password. We do not have access to it.

Monitored without capturing your content.

We use Sentry to detect and respond to technical errors. Error reports tell us what page an error occurred on and what went wrong technically. They do not include your archive content, your artwork data, or your authentication credentials.

Sentry is configured to strip all authorisation headers from error events before transmission. Error data is stored on Sentry's servers in Germany.

Rate-limited to prevent abuse.

All public and authenticated API endpoints are rate-limited using Upstash Redis. This protects the platform against automated abuse and ensures the service remains available for everyone using it legitimately.

What we will never do.

Store your password

Authentication is handled by Firebase. We never see your password and have no way to retrieve it.

Log your content

Error monitoring systems are configured to capture technical data only. Your archive content does not appear in any log.

Share access with third parties

Sub-processors receive only the minimum data needed to provide their specific function. No third party has general access to your archive.

Use insecure transfers

All connections are encrypted. Unencrypted communication with StudioNXT is not possible.

If you find a problem.

If you discover a security issue, please write to us at contact@studionxt.art. We take every report seriously. We will respond, investigate, and act.