Back
SunSlate
Your privacy, above all

Your script doesn't leave the room.

Filmmakers are protective of their work — and they should be. SunSlate is built on the principle that your production data belongs to your production. Here is exactly how we protect it.

Encrypted in transit and at rest

All data moves over TLS 1.2+. At rest, your project data lives in Google Cloud Firestore — encrypted by default using AES-256 managed keys. We don't store scripts or production documents on our own servers.

Your script is never used to train AI

When you upload a script or type a command, the text is sent to Anthropic or Google via their API. Neither provider uses API traffic to train their models. Your screenplay stays yours.

Project-scoped access

Every piece of data — shoot days, crew, locations, budget, call sheets — is gated behind Firestore security rules. Only people you explicitly invite to a project can read or write its data. There is no "public link" for production data.

Role-based permissions

Project owners control what each crew member can see and do. Editors can create and update; viewers can read. Admin-only actions (deleting shoot days, resetting the project) require elevated permission — enforced server-side, not just in the UI.

NDA Gate

Owners can require every crew member to read and sign a confidentiality agreement before they can access the production. Until they sign, access to the script, schedule, locations, budget, and breakdowns is blocked at the database level — not just hidden in the interface. Every signature is recorded with a name, version, and timestamp.

Infrastructure you already trust

SunSlate runs on Vercel (SOC 2 Type II) and Google Cloud / Firebase (ISO 27001, SOC 1/2/3, FedRAMP). We inherit the security posture of infrastructure that powers some of the largest companies in the world.

No third-party data sales. Ever.

We do not sell, rent, or share your production data with advertisers, data brokers, or partners. The only third parties that touch your data are the infrastructure providers listed in our Privacy Policy — each bound by a data processing agreement.

Built on

Google Cloud / Firebase·Vercel·Anthropic·Google Gemini·Twilio·Resend

Each provider is bound by a data processing agreement and subject to independent security audits. Google Cloud and Firebase hold ISO 27001, SOC 1/2/3, and FedRAMP authorizations. Vercel is SOC 2 Type II certified.

Coming soon

  • Full access audit log — see who viewed or edited what, and when, across every surface.
  • View-only share links — share a call sheet or location brief without granting project access.
  • Confidential project mode — project marked sensitive; screenshots discouraged in-app.

Questions about security?

We take filmmaker privacy seriously and will answer any specific question about how your data is handled.

hello@sunslate.app →