Security at Master Timeline
Your work and your data deserve serious protection. Here's how we keep them safe.
Sign-in is handled with industry-standard password hashing (bcrypt) and PKCE OAuth for third-party logins.
Row-level access control is enforced on every record in the database — you can only see your own work. Sessions live in secure HTTP-only cookies.
Everything is stored over encrypted connections (TLS) and encrypted at rest. Files use time-limited signed URLs so links can't be shared past their expiry.
Backups run on a regular cadence so your projects stay recoverable.
Prompts and generation requests travel to AI providers over encrypted HTTPS. Those providers do not permanently store your prompts or generated content.
Third parties are selected based on their security posture and data-handling practices — and reviewed when they change.
All payments are processed by Stripe, a PCI DSS Level 1 compliant provider. No credit card numbers are ever stored on our servers.
Every payment event is signature-verified to prevent tampering. Subscription management runs through Stripe's secure customer portal.
If you find a security issue, we appreciate your help disclosing it responsibly.
- Email support@mastertimeline.com with a description of the issue
- Include steps to reproduce
- Don't exploit the vulnerability or share it publicly
- We'll acknowledge receipt within 72 hours
Last updated: February 2026
See also our Privacy Policy for details on how we collect and use data.