Skip to content
VIZUAL LIVE

// TRUST

Security & data protection

VIZUAL LIVE handles live audio, video and viewer data on behalf of creators and their audiences. Here is how we protect it — and how to reach us if you spot something we missed.

Encrypted in transit & at rest

All traffic uses TLS 1.2+. Recordings, exports and database content are encrypted at rest with AES-256. WebRTC media between studio participants is DTLS-SRTP encrypted end-to-edge.

Authentication & access

Email + password with HIBP-leaked-password screening and Google OAuth. Roles are stored in a dedicated table with security-definer checks. Session enforcement prevents concurrent device hijacking.

Infrastructure

Postgres + storage on Supabase (EU/US regions). Real-time media on LiveKit's global SFU. Edge compute on Cloudflare Workers. Daily encrypted backups with point-in-time recovery up to 7 days.

Row-level security

Every customer table is protected by Postgres RLS policies — no application code can bypass tenant isolation. Public read access is opt-in per resource (e.g. published VODs, live channels).

Payments

Subscriptions and tips are processed by Stripe. We never store card numbers or CVCs. Webhook signatures are verified for every billing event.

Responsible disclosure

Found a vulnerability? Email security@vizuallive.com with reproduction steps. We acknowledge within 48 hours and will credit you publicly on request after a fix ships.

Sub-processors

See the full list with regions and purpose on our Privacy Policy. We notify customers of material changes via the dashboard and the announcements feed.

Incident response

We target 1-hour acknowledgement and 24-hour customer notification for any confirmed breach affecting personal data. During active incidents we post updates to security@vizuallive.com subscribers and in-app announcements.

Data subject requests

You can export or delete your account data from your dashboard. For GDPR / CCPA requests outside the self-service flow, email privacy@vizuallive.com.

Contact