ActorBook Security

Security & Privacy

Your work is your livelihood. ActorBook is built to protect it. Here's how we keep your scripts, recordings, and personal information safe.

Encryption & Data Protection

  • All data is encrypted in transit using TLS 1.3 — every connection between your browser and our servers is secured.
  • Data at rest is encrypted with AES-256 via Google Cloud infrastructure.
  • Files are stored in user-scoped paths — no other user can access your data.

Authentication & Account Security

  • Secure authentication powered by Firebase with server-side JWT verification on every request.
  • Optional two-factor authentication (2FA) for an extra layer of account protection.
  • Google Sign-In available as a secure, delegated authentication option.
  • Sessions managed via secure, short-lived tokens that refresh automatically.
  • Password strength requirements enforced at signup.

Payment Security

  • Payments processed by Stripe, a PCI DSS Level 1 certified payment processor — the highest level of security certification.
  • ActorBook never stores, processes, or has access to your credit card numbers.
  • All payment webhooks are cryptographically verified to prevent tampering.

Script & Content Privacy

  • Your scripts, sides, and audition materials are private to your account.
  • Content is stored in isolated, user-scoped storage — enforced by security rules at the infrastructure level.
  • Every API request verifies resource ownership before granting access.
  • Your content is never shared with other users or used for training purposes.

Recording Privacy

  • Audio recordings and self-tapes are stored in your private, user-scoped storage.
  • Audio sent for transcription is processed transiently and not retained on processing servers.
  • Only you can access your recordings — enforced by server-side ownership checks.

Abuse Prevention

  • Rate limiting on all endpoints prevents abuse and protects service availability.
  • Bot protection via reCAPTCHA Enterprise and App Check.
  • All user inputs are sanitized to prevent injection attacks.
  • Strict CORS policies ensure only authorized domains can access the API.
  • Security headers (CSP, X-Frame-Options, COEP, COOP) protect against common web attacks.

Account Deletion & Data Control

  • Full account deletion available from your profile settings at any time.
  • Deletion removes all your data — profile, scripts, recordings, billing records, and cached files.
  • You can request data access or correction by contacting support at info@actorbook.studio.

Infrastructure

  • Hosted on Google Cloud Platform (Firebase Hosting + Cloud Run) with enterprise-grade reliability.
  • All secrets and API keys managed via Google Secret Manager — never stored in code.
  • Admin access restricted by email whitelist with role-based authorization.
Back