✨ Get 15% off Growth plan with code
noshootnoshoot.
Enter App

Product Tagging

Batch Processing

Outfit Grouping

Pose Controls

Model Library

Export Ready Assets

Catalog Packs

Editorial Drops

PDP Updates

Social Launch Kits

PricingFAQBlog
Log In

Trust

Security

A practical overview of how noshoot approaches platform security, customer responsibilities, incident response, vendor risk, and responsible disclosure.

Operator

SZABÓ Z. ÁKOS PERSOANĂ FIZICĂ AUTORIZATĂ

VAT

RO51946845

Product

noshoot

Last updated

April 26, 2026

1. Security approach

noshoot is designed for commercial fashion content workflows where customers may upload product assets, campaign concepts, and brand materials. We use reasonable technical and organizational safeguards intended to protect the confidentiality, integrity, and availability of the Service.

Security is a shared responsibility. We protect the platform; customers must protect their accounts, devices, exports, workspace permissions, and publication channels.

2. Access controls

  • Account-based access to the authenticated app.
  • Workspace roles and permissions for team collaboration.
  • Administrative access limited to operational need.
  • Session and authentication controls designed to reduce unauthorized access risk.
  • Prompt action to restrict accounts involved in abuse, compromise, fraud, or policy violations.

3. Data protection safeguards

  • Encryption in transit using HTTPS/TLS where supported.
  • Use of managed infrastructure and reputable providers for hosting, storage, delivery, and processing.
  • Backups or recovery mechanisms designed to support continuity.
  • Logging and audit records for operational, security, and abuse-prevention purposes.
  • Separation of customer workspaces at the application level.

4. AI and asset handling

AI workflows may require processing uploaded images, prompts, product data, and generated outputs through internal systems and selected service providers. Customers should avoid uploading highly sensitive, regulated, or unnecessary personal data and should keep copies of critical files outside the Service.

5. Vendor and infrastructure risk

The Service depends on third-party infrastructure, AI, email, payment, authentication, analytics, and storage providers. We aim to choose providers with appropriate security practices, but third-party outages, vulnerabilities, policy changes, or processing delays may affect the Service.

6. Incident response

If we identify a security incident affecting customer data, we will investigate, take steps to contain and remediate the issue, and notify affected customers or authorities where required by applicable law. Notices may be provided by email, in-product messages, or other reasonable channels.

7. Customer responsibilities

  • Use strong, unique passwords and protect email accounts used for login.
  • Limit administrator access to people who need it.
  • Remove workspace members who no longer require access.
  • Review generated content before publication and keep backups of critical assets.
  • Do not upload malware, secrets, credentials, unlawful content, or personal data you are not permitted to process.
  • Notify us promptly if you suspect unauthorized access, credential compromise, or accidental disclosure.

8. Responsible disclosure

If you believe you found a vulnerability, report it responsibly with enough detail for us to reproduce the issue. Do not access, modify, delete, exfiltrate, or disrupt data that does not belong to you. Do not perform denial-of-service testing, social engineering, spam, physical attacks, or destructive testing.

9. No absolute guarantee

No online service can guarantee perfect security. This Security page describes our general approach and does not create a warranty, guarantee, service level agreement, or contractual commitment beyond any written agreement we sign with a customer.

10. Updates

We may update this Security page as our product, infrastructure, controls, and vendors evolve.