Security

Your production data, locked down.

Productions trust us with unreleased scripts, signed deal memos, and cast contact info. Here's how we keep all of it private — and prove it.

Data we hold

We store cast and crew profiles, documents, and their signatures. We never store sensitive financial information directly.

Cast contact details
Crew bios and contact info
Document metadata and content
Electronic signatures (hashes)

Where it lives

Your data resides entirely within secure, audited infrastructure:

Neon Postgres (Vercel)
Vercel serverless functions
Resend for email

How signatures are protected

Our e-signatures meet legal requirements:

ESIGN Act compliance
UETA compliance
Hash-verified audit trail

Compliance posture

We're on our way to regulatory compliance:

SOC 2 in progress
GDPR-ready
CCPA-ready

Vulnerability disclosure

Found something? Tell us.

We take security reports seriously. Email security@oncroo.com with details. We acknowledge within one business day and patch critical issues within 7 days. Researchers acting in good faith are protected from legal action.

Report a vulnerability Read the full policy Privacy Policy