Trust centre
Security
Our approach to protecting the studio website, products and information entrusted to us. Last updated: 11 July 2026.
Security is an ongoing practice.
We take a proportionate, risk-based approach and consider security throughout design, development and operation. No system can be guaranteed completely secure, and our controls evolve with each product’s maturity and risk profile.
Core practices
- Limiting access to systems and data to those who need it.
- Using strong authentication and secure development practices where appropriate.
- Keeping dependencies and services under review.
- Minimising the personal information collected.
- Reviewing suspected incidents and taking corrective action.
Product-specific information
Security controls differ by product and development stage. Appropriate details will be supplied with each released service rather than making broad claims that may not apply equally to every build.
Report a concern
If you believe you have found a security issue, email [email protected] with “Security report” in the subject line. Include the affected page or product, a clear description and steps to reproduce. Do not access, alter or download other people’s information, disrupt services or publish an unresolved issue.
Response
We will acknowledge credible reports when practical, investigate them and prioritise remediation according to risk. We cannot offer payment or a formal bug bounty unless agreed in writing beforehand.