CaptureBeam Demo compiler
Security

Honest about what we do and don't do.

CaptureBeam is a paid hosted service. Your demo content, your browser sessions, and your rendered MP4s live on infrastructure we run. Here's how we handle them.

Pillars

Four things we get right

Encryption at rest

Stored credentials (browser session storage-state) are encrypted at rest with AES-256-GCM. The encryption key is per-environment and never leaves the cluster. Decryption happens only inside the worker process at run-time.

Isolated render sandboxes

Each render runs in a fresh Playwright browser context on a dedicated worker. No persistent cookies, no shared state, no leakage between accounts. Capture artifacts are deleted after upload.

API keys hashed

API keys are SHA-256 hashed at rest. The plaintext is shown to you exactly once, at creation time. Compromised keys are revoked from the dashboard with one click — no support ticket required.

Signed URLs

Rendered MP4s ship via presigned GET URLs (24h TTL by default). No anonymous reads of your render bucket. Public-bucket / CDN setups available on request for teams that explicitly want long-lived URLs.

Practices

The detail

Authentication

  • Sessions: better-auth with HTTPS-only cookies, SameSite=Lax
  • Google OAuth + email/password
  • API keys: cb_live_… prefix, 32 bytes of entropy, SHA-256 hashed
  • All keys revocable from /dashboard/keys with audit log
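
The key scheme described above (cb_live_ prefix, 32 random bytes, only a SHA-256 digest stored, plaintext returned once, revocation with an audit entry), as an added example rather than CaptureBeam's own code. The in-memory store, the base64url encoding, the record fields and the function names are assumptions.

```javascript
const crypto = require('node:crypto');

const PREFIX = 'cb_live_';        // key prefix given on the page
const keysByDigest = new Map();   // hypothetical stand-in for a database table
const auditLog = [];              // hypothetical stand-in for the audit log

// A fast, unsalted hash is acceptable here because the input is a 256-bit
// random value, not a guessable password.
const digestOf = (key) =>
  crypto.createHash('sha256').update(key, 'utf8').digest('hex');

// Create a key. The plaintext exists only in the return value; the store
// holds the digest and metadata, so a database leak does not expose keys.
function issueKey(accountId) {
  const plaintext = PREFIX + crypto.randomBytes(32).toString('base64url');
  const record = { id: crypto.randomUUID(), accountId, revokedAt: null };
  keysByDigest.set(digestOf(plaintext), record);
  auditLog.push({ event: 'key.created', keyId: record.id, accountId });
  return { id: record.id, plaintext };
}

// Verify a presented key: hash it and look the digest up. Unknown,
// malformed and revoked keys all yield null.
function verifyKey(presented) {
  if (typeof presented !== 'string' || !presented.startsWith(PREFIX)) return null;
  const record = keysByDigest.get(digestOf(presented));
  return record && record.revokedAt === null ? record.accountId : null;
}

// Revoke by key id (the plaintext is not available after creation).
// Returns false if the id is unknown or the key is already revoked.
function revokeKey(keyId, actor) {
  for (const record of keysByDigest.values()) {
    if (record.id === keyId && record.revokedAt === null) {
      record.revokedAt = new Date().toISOString();
      auditLog.push({ event: 'key.revoked', keyId, actor });
      return true;
    }
  }
  return false;
}
```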

Render isolation

  • Each render runs in a fresh Playwright browser context
  • Worker boxes don't share state between jobs
  • No persistent storage of cookies or localStorage between renders unless you explicitly supply a storageState
  • Capture artifacts (raw.webm, anchors, events.json) are deleted after upload (1h cleanup pass)

Stored credentials

  • Storage-state import is opt-in per project, never automatic
  • Encrypted at rest with per-environment key (AES-256-GCM)
  • Auth flow recording (encrypted login replay) is on the roadmap
  • Storage-state can be deleted from the project settings at any time

Network

  • TLS 1.2+ for everything (HSTS preload eligible)
  • Probe API has SSRF guards: blocks localhost, RFC1918, *.local
  • Webhook handlers verify Stripe signatures
  • Rate limiting on /api/v1/* via app-level token-bucket

Data lifecycle

  • Renders retained for 90 days by default (configurable per account)
  • Account deletion wipes projects, renders, API keys, and customer record within 30 days
  • Postgres backups: daily snapshots retained 30 days, encrypted
  • Storage backups: handled by the underlying object store provider

Compliance posture (honest)

  • We're a small team. We don't have SOC 2 or ISO 27001 paper today.
  • We can sign a basic mutual NDA and standard MSA on request.
  • GDPR data-deletion request: email security@capturebeam.com — fulfilled within 30 days.
  • Roadmap: SOC 2 Type I once revenue justifies the audit cost.

Reporting

Found something?

Email security@capturebeam.com with reproduction steps. We respond within 24 business hours and credit you publicly if the report leads to a fix (your preference).

security@capturebeam.com — PGP key on request

Render with confidence.

Encryption at rest, isolated render sandboxes, signed URLs, one-click key revocation.