Security and privacy, by design.

We build security into every layer of our infrastructure — not as an afterthought, but as a core principle.

Security Principles

We only collect and store what is strictly necessary to operate the service.

All communications are protected via HTTPS/TLS.

Strict access controls, separated roles, and audited access where applicable.

We monitor for suspicious activity to protect users and systems.

Code changes are reviewed and dependencies are monitored for known issues.

No hidden data processing, no selling of personal data.

Databases and storage are encrypted at rest to protect sensitive data.

Multi-factor authentication is enforced for all admin access.

Regular backups with tested disaster recovery procedures.

We do not sell personal data

We retain data only as long as needed for service operation, security, and legal obligations

Users can request access or deletion where applicable (GDPR/EEA)

If you believe you've found a security vulnerability, please report it responsibly. We take every report seriously.

Email: security@noshortcuts.studio

Recommended subject: [VULN] Short description

Please include: steps to reproduce, impact, affected URLs/endpoints, and any proof-of-concept (if safe).

Safe harbor: We will not pursue legal action against researchers who act in good faith, avoid privacy violations, and do not degrade our services.

Response: We aim to acknowledge reports within 72 hours.