OneStudio public page
Security and Trust
OneStudio separates client and project data by workspace and role. Client users should only see the projects, requests, files, invoices, and status information relevant to their own relationship.
The product runs on managed Cloudflare and Supabase infrastructure, with billing through Stripe, uploaded assets in Cloudflare R2, and transactional email through Resend.
Trust posture
- - Organization-scoped workspaces with server-side permission checks.
- - Agency admins, agency members, clients, and platform admins have separate product roles.
- - Founder-private Codex, GitLab, TeamFlow, and Wave tooling stays platform-admin gated.
- - Agency admins can export organization-owned partners, projects, and invoices as JSON or CSV.
- - Data exports are recorded in organization activity, and project activity pages filter sensitive agency-only events from non-admin users.
Report a concern
- - Security concerns can be sent to [email protected].