Security & Content Protection
Your content, protected
Every title you publish is encrypted, streamed, and access-controlled from ingestion to the reader's screen. The source file never leaves our platform.
DRM built into every page turn
Our proprietary streaming-first DRM protects your catalog without getting in your readers' way.
The source file stays with us
Readers stream your content. The original file is never delivered to a device, so there is nothing to copy, share, or leak.
AES-256-GCM encryption
Content is encrypted with AES-256-GCM before delivery and served only through signed, expiring requests.
Instant revocation
Access is checked server-side on every read, so you can revoke it immediately. Concurrent device limits keep sharing in check.
Offline, still protected
Downloads in our native apps stay encrypted in storage your readers cannot reach, and expire automatically.
Screenshots blocked
The apps block screen capture on iOS and Android and refuse to run on rooted or jailbroken devices.
Bulk extraction, deterred
Copy, print, and extraction limits let readers work with your content without walking away with it.
Secure from ingestion to reader
The platform around your content is built and operated to the same standard as the DRM inside it.
Protected intake
Your files and ONIX metadata arrive through a dedicated, encrypted ingestion environment, isolated per client and never publicly reachable.
Encrypted everywhere
AES-256 at rest across storage, database, and backups. TLS 1.2+ for everything in transit.
Watched around the clock
Enterprise-grade WAF and DDoS protection at the edge, 24/7 monitoring with on-call, and periodic external penetration testing.
Built for your due diligence
We answer vendor security assessments for some of the most demanding publishers in the industry.
ISO 27001
Certification actively in progress
PCI DSS SAQ-A
No cardholder data ever touches our systems
GDPR & LGPD
Privacy compliance with DPAs across our subprocessors
Independent testing
External penetration test reports available under NDA
Running a security review?
The full technical overview lives in our documentation, and we share DPAs, security policies, and penetration test reports with your team on request. Send us your questionnaire and we will turn it around quickly.
Found a vulnerability? Report it to security@publica.la. We review every report.