Trust & Security

Your work, your data, your trust — protected by design.

We're a small studio that takes your trust seriously. Your card details, your password, your identity and your creative work are protected by the same names the largest companies in the world rely on — not home-grown shortcuts. Here's exactly how, in plain language.

How we protect you

Six promises we keep

Your card never touches us

Payments run on Stripe Hosted Checkout — PCI-DSS Level 1. Your card goes straight to Stripe; we never see or store it. Plan and credits arrive together, or not at all.

Your password is yours

Sign-in is handled by Clerk and encrypted by them. We never see your password and never store it. Prefer Google? Sign in with one tap instead.

Encrypted end to end

Every connection is TLS (HTTPS), and your scripts, projects and media are encrypted at rest. GDPR-compliant by design — privacy isn't a setting, it's the default.

Your work is yours

We never claim ownership of your creative work. Export your data any time, and delete your account with full erasure — self-serve, no support ticket required.

AI that respects you

Your scripts and production data are never sold, and never used to train public AI models. AI features only ever read the content you hand them, when you ask.

Cancel anytime, no traps

Manage or cancel through Stripe's own portal — no lock-in, no retention calls. Free, view-only collaborators cost nothing. Real people review refund requests.

The technology we trust

Built on infrastructure you already trust

We don't reinvent security — we stand on the providers the industry depends on, each doing the one job they're best in the world at.

Stripe

Payments — PCI-DSS Level 1 hosted checkout. The card rails the largest companies in the world trust.

Clerk

Authentication & identity — encrypted password management, email verification, Google sign-in.

Supabase

Database & storage — your projects encrypted at rest, with strict per-account access boundaries.

Vercel

Global edge hosting — TLS everywhere, served fast and securely from data centres worldwide.

OpenAI

AI features — invoked only on the content you choose; API data is never used to train public models.

Resend

Transactional email — verification codes, receipts and call sheets, on a verified sender domain.

The developer's promise

Built in the open, for the long run

StoryboardCanvas is profit-funded, not VC-funded — no investors to please, nothing to flip. The price you join at is the price your project keeps, for its whole life. Every upgrade we ship lands on every tier, retroactively: the twenty apps in your plan today are the twenty in your plan tomorrow.

We build in the open. Every release is written up in plain language in the public changelog, and the roadmap is a live ballot — every vote reorders what we build next. You can see exactly what changed, what's coming, and why.

Trust, in your own questions

Is my card data safe with StoryboardCanvas?

Yes. Payments run on Stripe Hosted Checkout, which is certified PCI-DSS Level 1 — the highest level in the card industry. Your card details go straight to Stripe and are never seen, handled or stored on our servers. You can cancel or manage your subscription any time through Stripe's own self-serve Customer Portal.

Where is my password stored?

Nowhere we can reach it. Authentication is handled by Clerk, an industry-standard identity provider. Your password is encrypted and managed entirely by Clerk — we never see it and never store it. You can also sign in with Google instead of a password, and every new account is verified by email code.

Is my data encrypted?

Yes — in transit and at rest. All traffic is served over TLS (HTTPS), and your projects, scripts and media are encrypted at rest in our database and storage. The platform is GDPR-compliant by design.

Who owns the scripts and projects I create?

You do. Your content is yours under our Terms of Service — we never claim ownership of your creative work. You can export your data, and you can delete your account and request erasure of your data at any time, self-serve, from your account settings.

Are my scripts or production data used to train AI?

No. Your scripts and production data are never sold, and are not used to train public AI models. AI features only send the specific content you ask them to work on, when you invoke them.

What happens to my data if I cancel?

Cancelling is self-serve through the Stripe Customer Portal — no lock-in, no emails to write, no phone calls. Your data stays yours: export it before you go, and request full erasure whenever you like.

Full detail lives in our Terms of Service. Still unsure? Ask us anything →

Trust earned, then a studio that delivers.

No card to look around, no sign-up to explore the live demo. When you're ready, start free — your work is protected from the very first keystroke.