Briefs, budgets, contracts and masters carry real commercial value. CINEOS COMMAND is built around project isolation, role-scoped access and a full audit trail — with humans required for every consequential action.
This page is maintained by CINEOS to answer common security questions about CINEOS COMMAND. It describes app-visible controls in production today. It is not a certification.
Row-level security scopes every read and write to the owning company and project.
Uploads land in private buckets; access requires an authenticated, scoped signed URL.
Files encrypted in transit (TLS) and at rest on the storage layer.
Owner, admin, producer and freelance roles — enforced server-side, not in the UI.
Actor, timestamp and payload recorded for sensitive actions.
Short-lived tokens with server-side validation on every request.
Rate limits, scoped keys, per-request validation on server functions.
Automated security review across schema, policies and configuration.
Every scan archived with findings, resolutions and comparisons over time.
Owners and company admins trigger rescans and review current posture in-app.
Signals surfaced when access patterns deviate from a project's expected baseline.
Data hosted in the EU. DPA template and subprocessor list available on request.
No export, sign-off or external send is triggered without an authenticated producer confirming the action. Copilot proposes; humans approve.
Coordinated disclosure. Acknowledged within 48 business hours. PGP key on request.
Security overview, DPA template, subprocessor list, incident response contact and access-control documentation sent on request.