Security

Your data protection is foundational to how we build ShootCleaner.

1. Encryption

We use industry-standard encryption to protect your data at every layer:

  • In transit: all communications between the ShootCleaner application, our website, and our API are encrypted using TLS 1.2 or higher.
  • At rest: database records, including account and license information, are encrypted at rest using AES-256 encryption provided by our infrastructure partners.
  • License keys: license validation uses hashed machine identifiers. Raw hardware identifiers are never stored on our servers.

2. Data Storage

We follow a minimal-data philosophy:

  • Local processing: all image analysis, AI culling, and metadata operations run entirely on your local machine. Your photos never leave your device.
  • Server-side data: we store only account information (name, email), license records, and anonymous usage analytics. No image data is ever transmitted.
  • Infrastructure: our database is hosted on Supabase within the European Union, with automated backups and point-in-time recovery.

3. Payment Security

All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor — the highest level of certification available. Your credit card details, billing information, and financial data are sent directly to Stripe and never pass through or are stored on ShootCleaner servers.

4. Software Updates

We take the integrity of our software distribution seriously:

  • Code signing: all ShootCleaner releases are digitally signed to verify authenticity and prevent tampering.
  • Secure delivery: updates are delivered over HTTPS from verified distribution endpoints.
  • Dependency management: third-party dependencies are regularly audited and kept up to date to address known vulnerabilities.

5. Vulnerability Reporting

If you discover a security vulnerability in ShootCleaner, we encourage responsible disclosure. Please report it to security@shootcleaner.com. We will acknowledge your report within 48 hours and work to resolve confirmed issues promptly. We appreciate the security research community and will credit reporters where appropriate.