VIDORIX

Production Studio

Security

Security, access, and payment handling

VIDORIX keeps security focused on practical controls: account access, protected intake, provider-managed payment processing, limited internal access to client materials, and a clear path for questions or incident reports.

Accounts and access

Account access is tied to authenticated accounts and role-based routes. Session cookies are scoped for account use, and account actions are checked server-side before access is granted.

Sensitive account mutations are guarded with same-origin checks, and authentication flows are rate-limited to reduce abuse and repeated guessing attempts.

Forms and intake protection

Public intake forms use human verification and server-side validation before a request is accepted. Failed verification, malformed input, or anti-spam triggers do not create a lead record.

This keeps request intake focused on valid submissions instead of turning the public forms into an open abuse surface.

Payments and billing

Public commercial requests now start with invoice or proposal intake, while any internal billing step still keeps sensitive payment details with the provider rather than inside the VIDORIX account.

An order is not treated as paid based on frontend state alone. Payment status and account access are updated only after server-side provider confirmation and reconciliation logic.

Client materials and production assets

Materials shared for production, review, or delivery are handled as operational inputs to the service. Access to those materials is limited to the people who need them to review, process, or support the related request.

The goal is simple: keep client materials tied to a defined request, paid order, or account action instead of letting them move through uncontrolled side channels.

Limited internal access

Internal access follows an operational need-to-know model. The platform separates admin, client, affiliate, and related account roles so users only see the data and actions that fit their scope.

This applies both to account views and to internal handling of lead, package, and support records.

Operational hygiene

The service uses server-side validation, hashed session tokens, controlled account setup and password reset flows, webhook signature verification, and audit-friendly billing and request records.

We do not make claims about certifications, audits, or control frameworks that are not currently in place. This page is meant to describe the working model as it exists today.

Security questions or incident reports

For security questions, account-access issues, or payment-related incidents, contact hello@mail.vidorix.app.

Include the affected account email, the route or order involved, the approximate time of the issue, and a short factual description so the report can be reviewed quickly.