Security

Encrypted audio storage. Private by default.

Q: How are passwords for protected projects stored?

Project passwords are hashed before storage — they are never stored in recoverable form. Once a reviewer enters the correct password, a signed, time-limited cookie grants access. If you lose a project password, you can reset it from your dashboard.

Unreleased tracks deserve real protection. Here is exactly how Audiomus handles your files, your data, and your reviewers' access.

Encryption at Rest & in Transit

All audio files are encrypted at rest using AES-256. All data in transit — between your browser, our servers, and our storage infrastructure — travels over TLS 1.2+. No unencrypted audio ever leaves or enters Audiomus.

>AES-256 encryption at rest
>TLS 1.2+ enforced on all connections
>HTTPS-only — no HTTP fallback
>Database encrypted at rest

Signed, Expiring Audio URLs

Audio files are never publicly accessible via a static URL. Every time a reviewer loads a project, a short-lived signed URL is generated specifically for that request. Once the URL expires, the file is inaccessible — even if someone copies the link.

>All audio served via signed, time-limited URLs
>URLs expire after a short window — not shareable
>No direct R2 bucket access — all requests go through the API
>New signed URL generated on each project load

Project Access Control

Projects are private by default. You choose who can access each project via a unique share token. Revoke access at any time by regenerating the token — all existing links immediately stop working. Add a password layer for sensitive unreleased material.

>All projects private by default — no public discoverability
>Unique share token per project
>Regenerate token anytime to invalidate all existing links
>Optional password protection on any project
>Password stored as a signed cookie — never plain text

Safe Guest Access

By default, guests can stream, comment, and download the original file. You can disable downloads per project from your dashboard to keep files protected. Guests cannot access any project they haven't been explicitly given a link to, and comment submissions are rate-limited to prevent abuse.

>Downloads on by default — disable per project from your dashboard
>No cross-project access — each link is scoped to one project
>Rate limiting on guest comment submissions
>Guest names collected at review time — no account required
>No guest data shared with third parties

Infrastructure & Data Residency

Audiomus is built on SOC 2 compliant, enterprise-grade infrastructure. Audio transcoding runs on a dedicated server — files are streamed directly to and from object storage, never buffered on our application servers.

>SOC 2 compliant serverless application infrastructure
>SOC 2 Type II + ISO 27001 certified database
>Enterprise-grade object storage with high durability
>Transcoding: files streamed in/out, never held in memory
>No audio data passes through application servers

IP Addresses & Personal Data

We do not store raw IP addresses. Guest reviewer IPs are hashed with HMAC-SHA256 using a secret key before being stored — making them non-reversible. This allows abuse detection without retaining personally identifiable network data.

>Raw IP addresses never stored — HMAC-SHA256 hashed only
>Hash is non-reversible without the secret key
>No data sold or shared with advertisers
>Email addresses used only for notifications you opt into
>Full data export available on request

// Security FAQ

Common Questions

[01]Can guests download my audio files?

> Guests can download if you allow it — downloads are enabled by default and can be turned off per project from your dashboard.

[02]What happens if I regenerate a project's share token?

> All existing share links immediately stop working. Anyone who previously had the link will get an access denied error. You then share the new link only with the people you want.

[03]Is my audio backed up?

> Audio files are stored with high durability across redundant infrastructure. We do not separately back up your audio — you should keep your own copies of original files.

[04]Does Audiomus use my audio for any other purpose?

> No. Your audio is stored to serve your reviewers. We do not analyze, train models on, or share your audio with any third party.

[05]How are passwords for protected projects stored?

> Project passwords are hashed before storage — never stored in recoverable form. Once a reviewer enters the correct password, a signed, time-limited cookie grants them access. If you lose a project password, you can reset it from your dashboard.

[06]Who can I contact about a security issue?

> Email security@audiomus.com with details. We aim to respond within 24 hours and will keep you informed as we investigate.

// Questions or concerns?

Found a security issue? Tell us.

Email security@audiomus.com. We respond within 24 hours and take every report seriously.

Start Free