- Encryption: All data transmitted between clients and Picsart's servers use at least the TLS1.2 protocol, ensuring data in transit is encrypted and secure.
- CDN URL Security: Picsart CDN URLs, which host resources, are unique, secure, and inaccessible to web crawlers. They are designed to be complex and resistant to brute-force attacks. Additionally, CDN URLs have a limited lifespan of 24 hours to enhance Security.
- API Key Management: API Keys that provide access to the backend processing can be changed manually whenever needed, allowing users to rotate keys for enhanced Security.
- Data Storage: Data is stored on encrypted Google Buckets using the AES256 algorithm, ensuring data-at-rest security.
- Third-Party Penetration Tests: Picsart conducts third-party penetration tests twice yearly to identify and address potential vulnerabilities proactively.
- SOC2 Compliance: Picsart is SOC2 compliant and undergoes annual recertification, indicating adherence to stringent security standards.
- Vulnerability Disclosure Program (VDP): Picsart runs a VDP on Hackerone.
- API Key and Secret Management: Developers receive an API Key and Secret when creating an application. The Secret should be used exclusively in backend implementations and never exposed in client-side code to minimize the risk of unauthorized access.
- API Key Provisioning: To safeguard against unauthorized usage due to key extraction from client-side code, it is recommended to provision a new API Key every month. This practice limits the potential misuse of exposed keys.
- Create a new API Key.
- Replace the key in your client app.
- Go to production, and do full rollout.
- Remove the old API Key.
- Project/Replay File Encryption: Data within Project/Replay files is encrypted, ensuring that access is restricted to the Picsart Create Editor.
- Input and Output Resource URL Security: Customers are encouraged to ensure that input and output resource URLs are accessible only behind a sign-in wall, limiting access to authenticated users.
- Resource URL Authorization: Resource URLs should be permanent but accessible through a special authorization system, and customers are advised to perform URL authorization through temporary headers provided by them.
- Safelisting Picsart's IP Addresses: To facilitate secure communication, customers should whitelist Picsart's IP addresses, as their Account Success Manager specified.
Picsart is continually working to enhance Security, and upcoming improvements include:
- OAuth2 Integration: Picsart backend is being developed to work with OAuth2, adding an additional security layer for API access.
- Authorized CDN URLs: Picsart plans to introduce authorized ones, further strengthening resource access control.
You can read more on the general terms of Security at our Trust Center.
Updated 4 days ago