INVITE-ONLY BETA Request beta access
SECURITY

Security & privacy, by design

Three commitments that shape how Cutroom is built — not features bolted on afterward.

Passkey-first — no passwords

Cutroom accounts use passkeys, not passwords. There's nothing to reuse, phish, or leak in a breach. Sign-in is a device-bound cryptographic ceremony; and because the recovery-email path is the real attack surface, spending is gated behind a fresh passkey step-up so a recovered session can't drain your balance.

Local-first — your media stays on your disk

A project is born local: an on-device op-log and on-disk media, editable fully offline and account-less. Import decodes on your machine — no upload for common formats. Nothing leaves your disk until you choose to promote a project to the cloud for the Director, generation, sync, or a server master render.

We don't train on your media

Your footage, audio, and prompts are not used to train models. Generation requests are processed to produce your result and then discarded. Every export also carries C2PA Content Credentials — a signed record of what was generated and what was filmed.

Reporting a vulnerability

A coordinated-disclosure contact and security.txt are published as Cutroom approaches public launch. Until then, please reach the team through the channels listed in the footer.