OneStudio public page

Security and Trust

OneStudio separates client and project data by workspace and role. Client users should only see the projects, requests, files, invoices, and status information relevant to their own relationship.

The product runs on managed Cloudflare and Supabase infrastructure, with billing through Stripe, uploaded assets in Cloudflare R2, and transactional email through Resend.

Start free

Trust posture

  • - Organization-scoped workspaces with server-side permission checks.
  • - Agency admins, agency members, clients, and platform admins have separate product roles.
  • - Founder-private Codex, GitLab, TeamFlow, and Wave tooling stays platform-admin gated.
  • - Agency admins can export organization-owned partners, projects, and invoices as JSON or CSV.
  • - Data exports are recorded in organization activity, and project activity pages filter sensitive agency-only events from non-admin users.

Report a concern