Security
Last updated: March 7, 2026
At Lensdrop we take security seriously. This page outlines our tech stack, how we protect your data and galleries, and how we handle payments so you can trust that access is controlled and unauthorized use is prevented.
Our Tech Stack
We build on trusted, security-conscious platforms so your data stays safe and the service stays reliable:
- Next.js — Our application framework. We use server-side rendering and API routes so sensitive logic and secrets stay on the server.
- Supabase — Backend and database. Supabase provides PostgreSQL with row-level security (RLS) and encrypted connections, with access controlled by your membership and studio roles.
- Cloudflare — File storage (R2), content delivery (CDN), and image processing (Workers). Photos and files are stored in Cloudflare R2 with access controlled through time-limited signed URLs. Images are delivered globally through Cloudflare's edge network.
- Vercel — Hosting with automatic HTTPS, multi-region serverless functions, and environment variables for secrets (never committed to code).
- Upstash Redis — Used for rate limiting and caching. Helps us prevent abuse (e.g. brute-force attempts on gallery PINs) without storing sensitive data.
Data Location
Our database is hosted in India through Supabase. Photos and files are stored in Cloudflare R2 (Asia Pacific). Application servers run across multiple regions (India, US, and Europe) through Vercel, with static assets and images served from Cloudflare's global edge network. Payment processing is handled by Razorpay (India). For details on international data transfers and safeguards, see our Privacy Policy.
Authentication and Access Control
Studio accounts use Supabase Auth. Sessions are managed with secure, HTTP-only cookies so credentials are not exposed to client-side scripts. Access to studios, events, photos, and billing is enforced by row-level security (RLS) in the database: each query is filtered so users only see and modify data for studios they belong to. Unauthorized access is blocked at the database layer, not only in the app.
How We Secure Galleries
We ensure only the right people can view or interact with a gallery:
- PIN protection — When you set a 6-digit PIN on an event, we store only a one-way hash (bcrypt). We never store the PIN in plain text. Verification is rate-limited (e.g. 5 attempts per 15 minutes per IP) to prevent brute-force attacks. After successful verification we set a signed, HTTP-only cookie (HMAC with a server secret) so the session cannot be forged by someone editing cookies in the browser.
- Share links — When you create a share link, we generate a unique token. Access is checked against that token and optional expiry and download limits. Tokens are not guessable; only people with the link can use it.
- Gallery mode — You control whether a gallery is closed, view-only, or in selection mode. The app enforces this on every request; we do not serve photos or allow selections unless the request satisfies the event's visibility and (if set) PIN or share-link rules.
- No backdoors — We do not grant ourselves or third parties "master" access to your galleries. Access is only possible through the rules you configure (PIN, share link, or public view/selection when you've opened the gallery).
Encryption
All data is encrypted in transit using TLS (HTTPS). Data at rest is encrypted through our infrastructure providers (Supabase, Vercel). We do not store any encryption keys in source code or client-side code.
Payments with Razorpay
We use Razorpay for subscriptions and payments. Razorpay is a PCI-DSS compliant payment gateway. We do not store your card number or CVV on our servers; card data is collected and processed by Razorpay. We only store the subscription and billing metadata we need (e.g. plan, status, Razorpay IDs) to provide the service.
Webhooks from Razorpay (e.g. payment success, subscription cancelled) are verified using HMAC signatures and a secret we store in our environment. We reject any webhook that does not pass signature verification, and we use idempotency so duplicate events do not change your billing state twice.
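As an added illustration of the webhook handling described above (example code, not Lensdrop's implementation), the JavaScript below verifies an HMAC signature over the raw request body and skips events it has already applied. It assumes HMAC-SHA256 with a hex-encoded signature and a unique event id per delivery; the function names, secret, event ids and payload are constructed for the example.

```javascript
// Added example, not Lensdrop's code. Assumed: HMAC-SHA256 over the raw body,
// hex-encoded signature, and a unique event id delivered with each webhook.
const crypto = require('node:crypto');

function sign(rawBody, secret) {
  return crypto.createHmac('sha256', secret).update(rawBody).digest('hex');
}

function verifySignature(rawBody, signatureHex, secret) {
  if (typeof signatureHex !== 'string') return false;
  const expected = Buffer.from(sign(rawBody, secret), 'hex');
  const received = Buffer.from(signatureHex, 'hex');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return received.length === expected.length &&
    crypto.timingSafeEqual(received, expected);
}

// `seen` stands in for a durable store (for example a unique-keyed table).
function createWebhookHandler(secret, applyEvent, seen = new Set()) {
  return function handle({ rawBody, signature, eventId }) {
    // Verify the exact bytes received; parse JSON only after they authenticate.
    if (!verifySignature(rawBody, signature, secret)) {
      return { status: 401, result: 'rejected' };
    }
    if (!eventId) return { status: 400, result: 'missing-event-id' };
    if (seen.has(eventId)) return { status: 200, result: 'duplicate' };
    applyEvent(JSON.parse(rawBody));
    seen.add(eventId); // recorded only after the state change succeeded
    return { status: 200, result: 'applied' };
  };
}

// Constructed sample delivery: secret, event ids and payload are made up.
function demo() {
  const secret = 'constructed-webhook-secret';
  const rawBody = '{"event":"subscription.cancelled","subscription":"sub_EXAMPLE"}';
  const signature = sign(rawBody, secret);
  const billing = { cancellations: 0 };
  const handle = createWebhookHandler(secret, () => { billing.cancellations += 1; });
  const first = handle({ rawBody, signature, eventId: 'evt_EXAMPLE_1' });
  const retry = handle({ rawBody, signature, eventId: 'evt_EXAMPLE_1' });
  const forged = handle({ rawBody: rawBody.replace('cancelled', 'activated'),
                          signature, eventId: 'evt_EXAMPLE_2' });
  return { first, retry, forged, cancellations: billing.cancellations };
}

console.log(demo());
```

The duplicate delivery is acknowledged with a 200 so the sender stops retrying, while the billing state changes only once.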
Infrastructure and Secrets
All traffic is served over HTTPS. Secrets (database credentials, API keys, Razorpay keys, webhook secrets) are kept in environment variables and never committed to source control. Our database is hosted by Supabase and file storage by Cloudflare R2, both with encryption in transit and at rest.
Incident Response
In the event of a data breach or security incident, we will notify affected users and relevant data protection authorities within the timeframes required by applicable law (72 hours under GDPR). We will provide clear information about what happened, what data was affected, and what steps we are taking.
Contact
If you have security concerns, discover a vulnerability, or have questions, contact us at hello@lensdrop.app.