Security

Security you can trust

Your photos and data are protected by enterprise-grade security. We take security seriously so you don't have to worry.

How we protect your data

Encryption in Transit

All data is encrypted using TLS 1.3 during transmission. We enforce HTTPS across all connections.

Encryption at Rest

Photos and data are encrypted at rest using AES-256 encryption on enterprise-grade cloud infrastructure.

Access Controls

Role-based access control (RBAC) ensures users only access what they need. Event-level permissions for galleries.

AI Content Moderation

Automatic detection and filtering of inappropriate content before it appears in galleries.

Global Infrastructure

Hosted on Cloudflare and Vercel edge networks with automatic failover and DDoS protection.

Incident Response

24/7 monitoring with automated alerting. Documented incident response procedures.

Compliance & Certifications

GDPR Compliant

Full compliance with EU General Data Protection Regulation. Data processing agreements available.

CCPA Compliant

California Consumer Privacy Act compliant. Users can request data deletion at any time.

SOC 2 Type II

Our infrastructure providers maintain SOC 2 Type II certification.

Our security practices

  • Regular security assessments and penetration testing
  • Secure software development lifecycle (SSDLC)
  • Dependency vulnerability scanning
  • Employee security training
  • Background checks for all team members
  • Principle of least privilege access
  • Multi-factor authentication for all admin access
  • Regular backup and disaster recovery testing

Data handling

Photo Storage

Photos are stored on Cloudflare R2, an S3-compatible object storage service with built-in encryption and global distribution.

Database

User data is stored in Supabase (PostgreSQL) with row-level security, encryption, and automatic backups.

Data Retention

Free accounts: 90 days after event. Paid accounts: As long as subscription is active. Data deletion available on request.

Data Location

Primary data storage in US regions. EU data residency available for enterprise customers.

Responsible Disclosure

We appreciate the work of security researchers who help keep Picsui safe. If you discover a security vulnerability, please report it to us responsibly.

Need more information?

For enterprise security questionnaires, SOC 2 reports, or custom security requirements, contact our security team.
