Security · Reviewed with your team

Production data,
protected by design.

Briefs, budgets, contracts and masters carry real commercial value. CINEOS COMMAND is built around project isolation, role-scoped access and a full audit trail — with humans required for every consequential action.

Controls

What's enabled today.

This page is maintained by CINEOS to answer common security questions about CINEOS COMMAND. It describes app-visible controls in production today. It is not a certification.

Project isolation

Row-level security scopes every read and write to the owning company and project.

Private storage

Uploads land in private buckets; access requires an authenticated, scoped signed URL.

Encrypted uploads

Files encrypted in transit (TLS) and at rest on the storage layer.

Role permissions

Owner, admin, producer and freelance roles — enforced server-side, not in the UI.

Audit logs

Actor, timestamp and payload recorded for sensitive actions.

JWT sessions

Short-lived tokens with server-side validation on every request.

API security

Rate limits, scoped keys, per-request validation on server functions.

Daily automated scans

Automated security review across schema, policies and configuration.

Security history

Every scan archived with findings, resolutions and comparisons over time.

Admin center

Owners and company admins trigger rescans and review current posture in-app.

Suspicious activity

Signals surfaced when access patterns deviate from a project's expected baseline.

GDPR-ready

Data hosted in the EU. DPA template and subprocessor list available on request.

Human approval
AI accelerates. Humans decide.

No export, sign-off or external send is triggered without an authenticated producer confirming the action. Copilot proposes; humans approve.

Report a vulnerability
security@cineosai.com

Coordinated disclosure. Acknowledged within 48 business hours. PGP key on request.

Not a certification

Full procurement pack — under NDA.

Security overview, DPA template, subprocessor list, incident response contact and access-control documentation sent on request.