Security at MasterTimeline
Your creative work and personal data deserve serious protection. Here's how we keep it safe.
Authentication is handled by Supabase Auth, with bcrypt password hashing and the PKCE OAuth flow for third-party logins.
Row Level Security (RLS) is enforced on every database table, ensuring users can only access their own data. Sessions are managed with secure, HTTP-only cookies.
All data is stored in PostgreSQL via Supabase with encrypted connections (TLS). Files are stored in Supabase Storage with signed URLs that provide time-limited access.
Regular database backups are maintained, and all data is encrypted at rest.
Prompts and generation requests are sent to OpenRouter and Fal.ai via encrypted HTTPS connections. AI providers do not permanently store your prompts or generated content.
Image and video data is transmitted securely. Third-party services are selected based on their security posture and data handling practices.
All payment processing is handled by Stripe, a PCI DSS Level 1 compliant provider. No credit card numbers are ever stored on our servers.
Webhook signatures are verified for every payment event to prevent tampering. Subscription management is handled through Stripe's secure customer portal.
If you discover a security vulnerability, we appreciate your help in disclosing it responsibly.
- Email support@mastertimeline.com with a description of the issue
- Include steps to reproduce the vulnerability
- Do not exploit the vulnerability or share it publicly
- We will acknowledge receipt within 72 hours
Last updated: February 2026
See also our Privacy Policy for details on how we collect and use data.