Practical trust for operator workspaces
The basics, stated plainly: how workspaces are isolated, how you authenticate, how platform tokens and media are protected, and how to report an issue.
Last updated June 4, 2026
01Workspace isolation
Channel worlds, session packages, catalog tracks, and generated assets are scoped to your operator workspace. The API checks your workspace on every request, so one operator’s data is not reachable from another’s.
02Authentication
You sign in with email and password through our authentication layer. Passwords are stored as salted hashes, never in plain text; sessions use secure, signed cookies in production; and we support email verification. Keep your credentials private and remove collaborators who no longer need workspace access.
03Encryption
All traffic runs over HTTPS, with HTTP Strict Transport Security enforced. Sensitive platform credentials — your YouTube OAuth access and refresh tokens and your live-stream keys — are encrypted at rest with authenticated encryption (AES) before they’re written to the database.
04Live streaming and YouTube
Stations stream into your own YouTube channel through a broadcast-scoped connection — it grants live streaming and uploads to the channels you connect, not account access, and can be revoked or rotated at any time. Because each broadcast runs on your own channel, a copyright strike affects only that channel and never pools across other operators.
05Storage and media delivery
Generated media lives in private object storage. Images are served through signed, same-origin URLs; audio, video, and export bundles use short-lived presigned links. Final renders expire automatically about seven days after they’re produced, limiting how long finished media is reachable.
06Application hardening
The app sets strict security headers — Content-Security-Policy, HSTS, X-Frame-Options, content type no-sniff, and referrer and permissions policies — and applies rate limiting on sensitive endpoints and input validation across the API.
07Monitoring and recovery
We monitor the service for errors and availability, and logs are written to avoid storing personal data such as email addresses in plain text. We don’t claim controls or certifications we haven’t actually implemented — automated database and object-storage backups are being established ahead of general availability.
08Report a vulnerability
Email [email protected] with the affected route, workspace context, and enough detail to reproduce the issue without exposing secrets. We investigate good-faith reports and won’t pursue researchers who follow responsible disclosure, avoid privacy violations, and don’t disrupt the service. For how we handle the data behind these protections, see Privacy.
