Transparency and Security Updates
Security Updates 2025
In 2025, we focused on enhancing the security of media files and implementing robust permission management within our system. These updates ensure a more secure and controlled environment for managing user-generated content and access rights.
Key Security Enhancements in 2025
- Improved Media File Security
  - Automatic Deletion Protocols: We have improved automated processes to securely delete media files once they are no longer needed or after the expiration of their retention period. This ensures that unnecessary files are promptly removed from our systems.
  - User-Controlled File Deletion: We have empowered users with enhanced control over their media files, including the option to delete files manually.
  - Enhanced Monitoring: We have enhanced the real-time monitoring of file access activities to detect and respond to any suspicious behavior.
- Improved Roles and Permissions
  - Improved Member Roles and Permissions: We have improved and secured the permission system for Team Managers and Project Managers.
  - Improved Audit Logs: All related actions are now logged in detail, ensuring accountability and transparency.
- Improved User Communication for Security Concerns
  - “Have a Concern? Let Us Know”: This dedicated section in the Security webpage allows users to easily report any security concerns, vulnerabilities, or feedback directly to our team.
Security Updates 2024
In 2024, we continued to enhance our platform’s security, implementing advanced measures to ensure the safety, privacy, and reliability of our services. Here’s an overview of the key security improvements we made this year:
Key Security Enhancements in 2024
- Database Server Segregation for Enhanced Security
  To further protect user data, we separated our database servers from application servers. This ensures better security encapsulation by isolating sensitive information and reducing the risk of unauthorized access. The new architecture also allows for tighter access controls, minimizing the attack surface and improving overall system integrity.
- Cloudflare Integration for Advanced Security
  We partnered with Cloudflare, a leading web security and performance platform, to provide an additional layer of protection to our services. This integration offers:
  - Web Application Firewall (WAF): Blocks malicious traffic and defends against common attacks such as SQL injection and cross-site scripting (XSS).
  - DDoS Protection: Safeguards our platform from distributed denial-of-service attacks, ensuring uninterrupted access for our users.
  - Secure TLS Connections: Ensures encrypted communication between our servers and users, enhancing data privacy.
  - Global Content Delivery Network (CDN): Improves website performance by caching and serving content from servers closest to users.
Security Vulnerability Incident in June 2024
On June 11th, we identified a potential vulnerability involving a subset of screenshots stored on our platform. While there is no evidence of unauthorized access or data theft, this issue highlighted an opportunity to strengthen our security measures. We acted promptly to address the vulnerability and ensure the safety of our users’ data.
Incident Timeline
- Vulnerability Identified: June 11th, 2024
- Initial Disclosure: August 13th, 2024
- CERT Contacted: October 9th, 2024
- Vulnerability Confirmed as Resolved by Independent Researchers: January 10th, 2025
Impact Assessment
- Type of Data Involved: A subset of screenshots uploaded by users.
- Number of Potentially Affected Customers: Approximately 60.
- No Evidence of Unauthorized Access: Our investigations have not revealed any unauthorized access, data theft, or misuse related to this vulnerability.
Our Response
- Collaborated with Volodymyr 'Bob' Diachenko, a security researcher who responsibly disclosed the issue.
- CERT (Computer Emergency Response Team) was contacted on October 9th, 2024.
- Implemented short-term and long-term measures to resolve the issue, including:
  - Securing access to affected screenshots.
  - Strengthening our Amazon S3 bucket configuration.
  - Conducting a thorough review of our data storage and security policies.
Acknowledgment
We are grateful to Volodymyr 'Bob' Diachenko for his responsible disclosure and assistance in addressing this vulnerability. His proactive approach was invaluable in ensuring the swift resolution of the issue.
Moving Forward
We have taken steps to enhance our security practices and prevent future vulnerabilities:
- Conducted a comprehensive security audit across our systems.
- Updated protocols for handling and storing user data securely.
- Made improvements in server and cloud configurations, API endpoints and databases.
We remain committed to protecting our users’ data and upholding the highest standards of security. If you have any questions or concerns, please share them with us here.
Security Updates 2023
In 2023, we implemented several significant upgrades to strengthen the security of our platform and services. These measures ensure a more robust, secure, and reliable experience for our customers.
Key Security Enhancements in 2023
- Improved Code Signing Certificates
  We upgraded to advanced code signing certificates issued by DigiCert, a globally trusted Certificate Authority. This ensures that our software is securely signed and validated, preventing tampering or unauthorized modifications. Users can now download and use our software with added confidence.
- Enhanced API Security
  Our APIs underwent a comprehensive security overhaul:
  - Authentication Improvements: Strengthened token-based authentication to prevent unauthorized access.
  - Rate Limiting: Implemented rate limits to mitigate abuse and potential denial-of-service attacks.
  - Data Encryption: Ensured end-to-end encryption for all API communications, safeguarding sensitive information in transit.