Security & Content Protection

Your content, protected

Every title you publish is encrypted, streamed, and access-controlled from ingestion to the reader's screen. The source file never leaves our platform.

DRM built into every page turn

Our proprietary streaming-first DRM protects your catalog without getting in your readers' way.

The source file stays with us

Readers stream your content. The original file is never delivered to a device, so there is nothing to copy, share, or leak.

AES-256-GCM encryption

Content is encrypted with AES-256-GCM before delivery and served only through signed, expiring requests.

Instant revocation

Access is checked server-side on every read, so you can revoke it immediately. Concurrent device limits keep sharing in check.

Offline, still protected

Downloads in our native apps stay encrypted in storage your readers cannot reach, and expire automatically.

Screenshots blocked

The apps block screen capture on iOS and Android and refuse to run on rooted or jailbroken devices.

Bulk extraction, deterred

Copy, print, and extraction limits let readers work with your content without walking away with it.

Secure from ingestion to reader

The platform around your content is built and operated to the same standard as the DRM inside it.

Protected intake

Your files and ONIX metadata arrive through a dedicated, encrypted ingestion environment, isolated per client and never publicly reachable.

Encrypted everywhere

AES-256 at rest across storage, database, and backups. TLS 1.2+ for everything in transit.

Watched around the clock

Enterprise-grade WAF and DDoS protection at the edge, 24/7 monitoring with on-call, and periodic external penetration testing.

Built for your due diligence

We answer vendor security assessments for some of the most demanding publishers in the industry.

ISO 27001

Certification actively in progress

PCI DSS SAQ-A

No cardholder data ever touches our systems

GDPR & LGPD

Privacy compliance with DPAs across our subprocessors

Independent testing

External penetration test reports available under NDA

Running a security review?

The full technical overview lives in our documentation, and we share DPAs, security policies, and penetration test reports with your team on request. Send us your questionnaire and we will turn it around quickly.

Found a vulnerability? Report it to security@publica.la. We review every report.