LensCowboy processes sensitive production data — scripts, shot breakdowns, bid figures, and creative strategy. This document outlines the security architecture we've built to protect that data at every layer.
All sensitive data in LensCowboy is encrypted at rest using AES-256, the same standard used by financial institutions and government agencies. Critically, encryption is applied per client — your data is encrypted with a key that is unique to your account and inaccessible to other clients on the platform.
Encrypted fields include script-derived content, shot descriptions, prompt seeds, and all narrative content derived from your screenplay. Structural metadata (scene counts, shot codes, VFX types) is stored separately and does not contain identifiable script content.
Access to LensCowboy requires multi-factor authentication (MFA) for all users — supervisors, owners, and administrators alike. MFA uses time-based one-time passwords (TOTP) compatible with standard authenticator apps including Google Authenticator, Authy, and 1Password.
Sessions are managed via cryptographically signed tokens stored in httpOnly cookies. These cookies are inaccessible to browser JavaScript, so a cross-site scripting payload cannot read the session token. Session tokens expire automatically and are invalidated on logout.
LensCowboy uses a role-based access control model. Every user is assigned a role — Owner, Supervisor, or Viewer — and access to data is enforced at the API layer based on that role. A user cannot access data belonging to another client account regardless of their role.
Platform operators have a separate administrative role with access to platform configuration only. Operator access to client data is governed by the same cryptographic isolation that protects clients from each other.

| Role | Capabilities | Data Access |
|---|---|---|
| Owner | Full project management, bid approval, pipeline push, rate locking | Own client data only |
| Supervisor | Breakdown review, shot approval, scene editing, export | Own client data only |
| Viewer | Read-only access to approved breakdown and bid | Own client data only |

LensCowboy is a multi-tenant platform. Each client's data is stored in logically isolated partitions keyed to their account identifier. Every database query is scoped to the requesting client's identifier, enforced at the application layer before any data is returned.
This means that even if a session token were compromised, an attacker could only access data belonging to the account associated with that token — never data from another client account.
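
A sketch of the scoping and role enforcement described above, added here as an example and not LensCowboy's own code: the client identifier is taken only from the verified session, and the role check follows the role table. The `Session` and `ShotStore` names, the capability names and the sample records are assumptions.

```python
from dataclasses import dataclass

# Capabilities per role, following the role table on this page (names are assumed).
ROLE_CAPS = {
    "owner": {"read", "approve_shot", "lock_rates"},
    "supervisor": {"read", "approve_shot"},
    "viewer": {"read"},
}

@dataclass(frozen=True)
class Session:
    """Identity taken from a verified session token, never from request input."""
    client_id: str
    role: str

class ShotStore:
    """In-memory stand-in for the database; every operation is bound to one client."""
    def __init__(self, records):
        self._records = records  # list of dicts, each carrying a client_id

    def _scoped(self, session):
        # The tenant filter lives here, so no caller can forget or override it.
        return [r for r in self._records if r["client_id"] == session.client_id]

    def list_shots(self, session):
        shots = self._scoped(session)
        if session.role == "viewer":
            # Viewers see approved breakdown content only.
            shots = [s for s in shots if s["approved"]]
        return [s["code"] for s in shots]

    def approve_shot(self, session, code):
        if "approve_shot" not in ROLE_CAPS.get(session.role, set()):
            raise PermissionError("role may not approve shots")
        for shot in self._scoped(session):
            if shot["code"] == code:
                shot["approved"] = True
                return True
        # Same error for "missing" and "belongs to another client": no existence leak.
        raise LookupError("shot not found")

# Constructed sample data for two client accounts.
RECORDS = [
    {"client_id": "client-a", "code": "A010", "approved": True},
    {"client_id": "client-a", "code": "A020", "approved": False},
    {"client_id": "client-b", "code": "B010", "approved": False},
]
```
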
LensCowboy uses a three-layer security architecture for AI analysis that ensures raw script content never leaves your security perimeter without explicit consent.
Layer 1 parses the script locally — entirely within the platform, with no external network calls. It extracts only structural signals: scene types, action codes, location classifications. No dialogue, no narrative prose, no character names cross this boundary.
Layer 2 sends only the anonymised structural signals to AI analysis — never the original screenplay text. The AI receives a structured manifest, not your script.
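
One way the boundary between Layer 1 and Layer 2 could look, as an added example and not LensCowboy's parser: scene headings are reduced to a setting flag, a time of day and a coarse location class, and a closed-vocabulary check runs before anything is sent onward. The sample script, the `LOCATION_CLASSES` keywords and the manifest fields are constructed assumptions, and only scene headings are covered.

```python
import re

# Assumed vocabulary: the page names the signal types but not their values.
LOCATION_CLASSES = {
    "vehicle": {"CAR", "TRUCK", "TRAIN"},
    "urban": {"STREET", "ALLEY", "ROOFTOP"},
    "domestic": {"KITCHEN", "BEDROOM", "HOUSE"},
}
TIMES = {"DAY", "NIGHT", "DAWN", "DUSK"}
ALLOWED_VALUES = {"INT", "EXT", "INT/EXT", "UNSPECIFIED", "other"} | TIMES | set(LOCATION_CLASSES)
HEADING = re.compile(r"^(INT/EXT|INT|EXT)\.?\s+(.+?)(?:\s+-\s+(\w+))?\s*$")

def classify_location(text):
    """Map a location name to a coarse class; the name itself is never returned."""
    words = set(re.findall(r"[A-Z]+", text.upper()))
    for label, keywords in LOCATION_CLASSES.items():
        if words & keywords:
            return label
    return "other"

def build_manifest(script_text):
    """Layer 1: keep structural signals from scene headings, drop everything else."""
    scenes = []
    for line in script_text.splitlines():
        match = HEADING.match(line.strip())
        if not match:
            continue  # dialogue, action prose and character cues stop here
        setting, location, time_of_day = match.groups()
        scenes.append({
            "scene": len(scenes) + 1,
            "setting": setting,
            "location_class": classify_location(location),
            "time": time_of_day if time_of_day in TIMES else "UNSPECIFIED",
        })
    return {"scene_count": len(scenes), "scenes": scenes}

def outbound_violations(manifest):
    """Egress check before Layer 2: every string must come from the closed vocabulary."""
    return [value for scene in manifest["scenes"] for value in scene.values()
            if isinstance(value, str) and value not in ALLOWED_VALUES]

# Constructed sample screenplay fragment.
SAMPLE = """INT. MARLOWE'S KITCHEN - NIGHT
MARLOWE
I never wanted the ledger.
EXT. HARBOUR STREET - DAY
A truck explodes behind her.
"""
```

An allowlist on outgoing values fails closed: a parser bug that copies a location name into the manifest is reported by `outbound_violations` instead of being sent.
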
LensCowboy runs entirely on Google Cloud Platform, one of the most audited and certified cloud infrastructure providers in the world. GCP holds SOC 1/2/3, ISO 27001, PCI DSS, and FedRAMP certifications, providing a strong security foundation that our application security layers build upon.
All services run in containerised environments with no persistent state in the compute layer. Secrets are managed centrally with access logging. Database access is governed by least-privilege service accounts with collection-level restrictions.

| Component | Technology | Security Posture |
|---|---|---|
| Compute | Google Cloud Run | Containerised, stateless, auto-scaling. No persistent compute access. |
| Database | Google Cloud Firestore | Default-deny security rules. Least-privilege service account access with collection-level IAM conditions. |
| Secrets | Google Secret Manager | All API keys, encryption keys, and credentials. Access logged. Per-service account scoping. |
| CI/CD | Google Cloud Build | Automated build and deploy pipeline. No manual server access required or permitted. |
| AI Analysis | Google Vertex AI | Enterprise AI with data processing agreements. Zero data retention options available. |

All significant actions within LensCowboy are recorded in an immutable audit log. This includes shot approvals, rate locking events, pipeline pushes, user login activity, and any administrative changes to your project configuration.
Audit logs are append-only — once written, they cannot be modified or deleted by any user including platform administrators. This provides a tamper-evident record of all activity on your account.
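
Append-only storage is usually paired with a way to show that no entry was altered or removed. The hash chain below is one common way to make a log tamper-evident; it is an added example, not a description of how LensCowboy stores its audit log, and the class, field and event names are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # chain anchor for the first entry

def _digest(prev_hash, event):
    # Canonical JSON so the same event always hashes to the same value.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

class AuditLog:
    """Append-only log where each entry commits to the one before it."""
    def __init__(self):
        self._entries = []

    def append(self, actor, action, target):
        prev_hash = self._entries[-1]["hash"] if self._entries else GENESIS
        event = {"seq": len(self._entries), "actor": actor, "action": action, "target": target}
        self._entries.append({"event": event, "prev": prev_hash, "hash": _digest(prev_hash, event)})
        return self._entries[-1]["hash"]

    def export(self):
        # Deep copy so callers cannot alter stored entries through the returned list.
        return json.loads(json.dumps(self._entries))

def first_invalid(entries, expected_head=None):
    """Return the index of the first entry that breaks the chain, or None if intact."""
    prev_hash = GENESIS
    for index, entry in enumerate(entries):
        if entry["event"]["seq"] != index or entry["prev"] != prev_hash:
            return index
        if entry["hash"] != _digest(prev_hash, entry["event"]):
            return index
        prev_hash = entry["hash"]
    # A head hash kept outside the log detects truncation of the newest entries.
    if expected_head is not None and prev_hash != expected_head:
        return len(entries)
    return None
```

The chain alone only shows internal consistency; keeping the latest head hash somewhere the log writer cannot change is what exposes a wholesale rewrite or a truncated tail.
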
When a subscription ends, your account is suspended immediately. Your data is retained for 30 days to allow for reactivation or data export. After 30 days, all platform-held data is permanently and automatically deleted.
LensCowboy never holds your creative output files. Videos, images, and rendered assets are stored in your Google Drive — they are your property and remain in your control at all times. Platform deletion affects only account configuration and job history.
LensCowboy does not sell, share, or use your data for any purpose other than providing the platform services you've subscribed to. Your scripts, breakdowns, bids, and production data are never used to train AI models — ours or anyone else's.
You have the right to request a copy of all data we hold about your account, request correction of inaccurate data, and request permanent deletion at any time. These rights are fulfilled within 30 days of request.

| Your Right | How to Exercise | Response Time |
|---|---|---|
| Data export | Contact your account manager or email privacy@lenscowboy.com | Within 30 days |
| Data correction | Update directly in platform or contact support | Immediately / within 14 days |
| Account deletion | Cancel subscription — auto-deletion after 30-day retention | 30 days after cancellation |
| Data processing query | Email privacy@lenscowboy.com | Within 14 days |

If you have questions about our security architecture, wish to report a vulnerability, or require security documentation for a procurement or compliance process, please contact us directly.
We take security reports seriously and respond to all disclosures within 48 hours. We do not pursue legal action against researchers acting in good faith.
For architecture questions, compliance documentation, and enterprise security reviews.
Responsible disclosure welcomed. 48-hour acknowledgement. No legal action for good faith research.
Data export, correction, deletion requests, and GDPR/POPIA enquiries.