Trust centre

Security

Our approach to protecting the studio website, products and information entrusted to us. Last updated: 11 July 2026.

Our approach

Security is an ongoing practice.

We take a proportionate, risk-based approach and consider security throughout design, development and operation. No system can be guaranteed completely secure, and our controls evolve with each product’s maturity and risk profile.

Core practices

  • Limiting access to systems and data to those who need it.
  • Using strong authentication and secure development practices where appropriate.
  • Keeping dependencies and services under review.
  • Minimising the personal information collected.
  • Reviewing suspected incidents and taking corrective action.

Product-specific information

Security controls differ by product and development stage. Appropriate details will be supplied with each released service rather than making broad claims that may not apply equally to every build.

Report a concern

If you believe you have found a security issue, email [email protected] with “Security report” in the subject line. Include the affected page or product, a clear description and steps to reproduce. Do not access, alter or download other people’s information, disrupt services or publish an unresolved issue.

Response

We will acknowledge credible reports when practical, investigate them and prioritise remediation according to risk. We cannot offer payment or a formal bug bounty unless agreed in writing beforehand.

Please never send passwords, secret keys, payment details or sensitive personal information in an initial report.