Security Policy

How PicX Studio protects your account, generated content, and personal data through encryption, access controls, and continuous monitoring.

At PicX Studio we take the security of your data seriously. This policy describes the technical and organisational measures we use to protect the platform and everything you create on it.

Data Encryption

All data transmitted between your device and our services is encrypted using TLS 1.2 or higher. Data stored at rest — including generated images, videos, prompts, and account information — is encrypted with AES-256. Encryption keys are rotated regularly and managed through a dedicated secrets management system.

Access Control

  • Role-based access control (RBAC) limits internal system access to authorised personnel only.
  • Multi-factor authentication (MFA) is mandatory for all administrative access.
  • Access permissions are reviewed quarterly and revoked immediately upon role changes.
  • Production systems are accessible only through hardened, audited pathways.

Secure Development Practices

Our engineering team follows OWASP secure coding guidelines. All code changes go through peer review and automated security scanning before merging. Dependency vulnerabilities are tracked continuously using software composition analysis tools, and patches are applied promptly.

Vulnerability Management

  • Continuous automated scanning for known CVEs across our infrastructure and dependencies.
  • Periodic penetration testing by qualified internal or third-party testers.
  • A formal patch management process prioritises critical and high-severity findings.
  • Network segmentation and firewall rules limit the blast radius of any potential compromise.

Incident Response

PicX Studio maintains a documented incident response plan covering detection, containment, eradication, and recovery. In the event of a confirmed security incident affecting user data, we will notify affected users within the timeframes required by applicable law and take immediate steps to prevent further harm.

Responsible Disclosure

We welcome responsible disclosure of security vulnerabilities. If you discover a potential security issue, please email security@picxstudio.com with:

  • A clear description of the vulnerability.
  • Steps to reproduce the issue.
  • Any proof-of-concept code or screenshots (if applicable).

We aim to acknowledge all reports within 48 hours and provide a resolution timeline within 7 business days. We will not take legal action against researchers who follow this responsible disclosure process in good faith.

Employee Training & Awareness

All PicX Studio employees complete mandatory security awareness training covering phishing, social engineering, data handling, and incident reporting. Training is refreshed annually and supplemented with targeted guidance when new threats emerge.

Third-Party Services

We carefully vet third-party service providers and require them to maintain security standards consistent with our own. Data shared with processors is governed by data-processing agreements that restrict use to the stated purpose.

Compliance

PicX Studio aligns its security practices with GDPR and other applicable data protection regulations. This includes maintaining records of processing activities, honouring data subject rights (access, deletion, portability), and conducting data protection impact assessments for high-risk processing activities.

User Responsibility for Generated Content

PicX Studio provides creative tools; however, you are solely responsible for how you use the images, videos, and other assets you generate. You must ensure that any content you publish or distribute is lawful and does not infringe the rights of any person.

  • Obtain consent from any identifiable individual depicted in your content before sharing or commercialising it.
  • Respect copyrights, trademarks, and other intellectual-property rights. Secure appropriate licences for any third-party material you incorporate.
  • Do not use PicX Studio to create or disseminate content that is hateful, harassing, violent, or otherwise harmful.

Frequently Asked Questions

How does PicX Studio encrypt my data?

All data in transit is protected with TLS. Data stored at rest — including generated images, videos, and account information — is encrypted with AES-256.

Does PicX Studio share my data with third parties?

We do not sell your personal data. We share data only with trusted service providers necessary to operate the platform under strict data-processing agreements.

What happens if there is a security breach?

We will notify affected users promptly in accordance with applicable regulations and take immediate steps to contain and remediate the incident.

Last updated: April 2026. Questions? Contact security@picxstudio.com.