Security
Trust, by design.
How we capture, isolate, and handle your product surface and data.
- 01Capture isolation
- Authenticated captures run inside ephemeral, single-tenant browser sessions. Sessions are destroyed at the end of capture. No persistent cookies. No shared infrastructure.
- 02Credentials
- Credentials are entered live by you inside the secure session. We do not store production passwords. SSO and OAuth flows are supported. Use a demo or staging account whenever possible.
- 03Sensitive content
- Captures are scanned for PII and sensitive UI before they enter the storyboard. Flagged screens require human approval in the review board before render.
- 04Data residency
- Default region is EU (Paris). US and APAC regions available on Pro and above. Custom residency available on Enterprise.
- 05Identity and access
- Email, Google, and GitHub auth out of the box. SAML and OIDC SSO on Enterprise. Audit logs for every render and every publish action.
- 06Compliance
- SOC 2 Type I in progress. GDPR aligned by default. DPA available on request. Sub-processor list public on this page.
Security questions? Email security@buildyourdemo.com.