Hosting & network
- Core API and asset workers run on AWS within private VPC subnets.
- Ingress is fronted by Cloudflare for DDoS shielding and TLS termination.
- Internal services communicate over mutual TLS with short-lived certificates.
Security program
How we keep Genify secure
Creative teams rely on Genify for client assets, internal IP, and launch campaigns. We design every system to protect that trust. Highlights of the program are below; reach out via support for vendor questionnaires or deeper reviews.
Data protection
- All user uploads, prompts, and results are encrypted at rest (AES-256) via AWS KMS.
- Secrets (Stripe keys, model credentials) are stored in AWS Secrets Manager with rotation.
- Backups are encrypted, point-in-time recoverable, and retained for 30 days.
Access controls
- Production access is limited to the Genify core team via SSO + hardware MFA.
- Admin actions (plan changes, community moderation) are logged with user and timestamp metadata.
- Background jobs run with least-privilege IAM roles; no shared root credentials.
Application security
- Automated dependency scanning and weekly patch cadence for backend services.
- Rate limiting across auth, library, and checkout to prevent brute-force abuse.
- User-generated content passes image and text safety checks before community publication.
Responsible disclosure
If you discover a vulnerability, email security@genifystudio.com with reproduction details. Please avoid automated denial-of-service testing. We acknowledge reports within two business days and coordinate transparent fixes. Critical issues receive priority handling with follow-up in our changelog.