Security
Professional-grade security for your business
Your client data deserves the same level of care as your artwork. pencild protects every record with per-user encryption, strict data isolation, and two-factor authentication.
Your data is encrypted
Every user has their own unique encryption key. Over 60 fields are encrypted at rest, including email content, phone numbers, addresses, notes, financial information, Instagram messages, and connection tokens. All traffic is served over HTTPS.
Email content
Subject lines, body text, and message snippets are encrypted before storage.
Phone numbers and addresses
All client contact information is encrypted with your personal key.
Personal notes
Client notes, project details, and session records are encrypted at rest.
Financial information
Payment details and deposit records are encrypted.
Instagram messages
Your Instagram DM content is encrypted at rest.
Files encrypted at rest
All uploaded files and documents are encrypted in storage.
Authentication
Secure access to your account
Strong authentication protects your account from unauthorised access. Two-factor authentication adds an extra layer of security.
Two-factor authentication
TOTP-based 2FA works with apps like Google Authenticator. 10 backup codes provided.
Strong password requirements
Minimum 10 characters with uppercase and special character requirements.
Rate limiting on login
Brute-force protection limits login attempts to keep your account safe.
2FA-gated features
Sensitive actions like ID document capture require active two-factor authentication.
Email-based login
Secure, straightforward email-based authentication.
HTTPS enforced
All connections are encrypted in transit. No exceptions.
Data isolation
Your data is completely isolated
Every query is scoped to your user account. Studios can only access artist data through explicit permissions that artists control.
User-scoped data access
Every data request is filtered to your account. Your data is yours alone.
No cross-user access
One user cannot access another user's data. Ever.
Studio boundaries respected
Studios see only what artists explicitly share. Artists control the permissions.
GDPR compliance
Built for data protection
pencild is designed with GDPR compliance at its core. Personal data is encrypted, consent is tracked, and you have full control over your data.
All personal data encrypted
Standard and special category data (like health questionnaires) are encrypted at rest.
Consent timestamps recorded
Every consent action is timestamped and stored for compliance.
Right to erasure
Soft delete with 30-day recovery period, then permanent deletion. No data lingers.
Data portability
Bulk export your data anytime. Consent forms and ink passports export in ZIP format.
Immutable audit trail
ID document access and studio data access are logged in an audit trail that cannot be altered.
Explicit consent capture
GDPR-compliant consent collection with clear opt-in and timestamp recording.
Your control
Delete or export anytime
Your data belongs to you. Export it or delete it whenever you want.
Export your data
Download everything anytime. Full data portability.
Delete with 30-day recovery
Soft delete gives you a safety net in case you change your mind.
Permanent deletion after grace period
After 30 days, data is permanently removed. Gone forever.
Professional tools, professional security
Per-user encryption, two-factor authentication, and GDPR compliance. Your data is protected.
14-day free trial. Add a card to extend to 30 days.