Tools
Settings & Security
Designer profile
- First and last name
- Profile photo
- Studio name
- Studio logo
- Interface language (PL/EN)
- Default currency
Account security
- Password change (min. 8 characters, uppercase letter, digit)
- MFA (TOTP) – two-factor authentication
- Account deletion (GDPR) – deletes all data
MFA – Two-Factor Authentication
1. Go to Settings → Security
2. Click "Enable MFA"
3. Scan the QR code with an app (Google Authenticator, Authy, 1Password)
4. Enter the verification code
5. From now on, login requires a code from the app
Important: Keep your backup codes in a safe place. If you lose access to the app, backup codes will let you log in.
Platform security
Authentication
- Email + password login via Supabase Auth
- MFA (TOTP) – optional two-factor authentication
- Password policy: min. 8 chars, uppercase letter, digit
Authorization
- Every resource checks project ownership
- 40+ server actions with verification
- Client portal: token-based access
Data protection
- AES-256-GCM encryption for sensitive fields
- Rate limiting – brute-force protection
- Protection against CSRF and XSS, including a Content Security Policy (CSP), via HTTP headers
- RLS (Row Level Security) – database blocks unauthorized access
Validation
- All inputs validated with Zod schemas
- Input sanitization
- Data size limits
- Public links with expiry dates
Privacy (GDPR)
- Account deletion cascades to all data
- Data stored in EU
- No tracking without consent
Audit
- Platform passed security audit (April 2026)
- 0 critical vulnerabilities
- Regular security reviews