Your storyboards, scripts, and client approvals live in Boords. This page sets out how we protect that work, how we handle your personal data, and where procurement and security teams can find the detail they typically need.
Confidentiality
Anything you upload to or create in Boords is hidden from everyone, including the Boords team, unless you explicitly share it. We do not browse customer accounts. In the rare cases where access is needed for support or debugging, we proceed only with your explicit consent and limit access to the minimum data necessary.
Encryption
All traffic to and from Boords runs over HTTPS with 256-bit SSL. Uploaded files and assets are encrypted at rest on AWS S3 using server-side encryption with AWS-managed keys (SSE-S3). Backups are encrypted to the same standard.
Hosting and infrastructure
Boords runs on managed infrastructure from AWS and Heroku, primarily in the EU (Ireland). Cloudflare sits in front of the application, providing web application firewall protection and DDoS mitigation. Database backups run hourly. File assets stored on AWS S3 carry built-in geographic redundancy within the EU region.
Authentication and account security
Multi-factor authentication is available to every account via an authenticator app. Passwords are hashed with bcrypt and a unique salt. We enforce a minimum password length and complexity, restrict the use of compromised passwords, and rate-limit login attempts to prevent brute-force attacks. Sessions expire after seven days of inactivity. Administrative access to our infrastructure (AWS, Heroku) is MFA-protected and restricted to authorised personnel with a specific business need.
Sub-processors and data location
Boords relies on a defined set of named sub-processors for hosting, payments, support, analytics, AI features, and email. The full list, including the country in which each one processes data, is published in our Privacy Policy. Where data is transferred outside the EEA, we rely on the European Commission's Standard Contractual Clauses (SCCs).
Your data, your rights
You own the storyboards, scripts, frames, and assets you create in Boords. We hold a limited licence only to host and display them on your behalf. You can export your work at any time as PDF, image, or animatic. To delete your account or request erasure of your personal data, email hello@boords.com. We respond to UK GDPR requests within one month. By law, we retain basic customer data (identity, contact, financial, and transaction) for six years after account closure to satisfy UK legal and tax obligations.
Payments
Boords does not hold any credit card information directly. All payments are handled by Stripe, which is fully PCI compliant in storing and processing card data.
AI features
Boords uses external AI services from OpenAI, Fal.ai, and Google (Gemini API) to power script import, storyboard generation, and image generation. Customer content submitted to these services via API is not used to train the underlying models.
Boords sends transactional and notification email from the boords.com domain via Postmark, with SPF, DKIM, and DMARC configured to prevent spoofing.
Compliance and frameworks
Boords is operated by Presentable Software Limited, a UK company registered with the Information Commissioner's Office (ICO). We comply with the UK GDPR and align our practices with the EU GDPR and the California Consumer Privacy Act (CCPA/CPRA).
We are not currently certified to SOC 2 or ISO 27001. We rely on the equivalent controls provided by our underlying infrastructure (AWS, Heroku, Cloudflare, Stripe), all of which carry those certifications themselves. We have completed the Assured SaaS Security Risk and Trust Assessment. A full mapping of our controls is in the Security Overview document below.
Security Overview document
For procurement and security teams, a more detailed Security Overview is available as a PDF. It covers our hosting, encryption, authentication, monitoring, backup and recovery, development practices, sub-processors, and incident response in more depth.
Download the Security Overview (PDF)
Reporting a security issue
If you believe you have found a security vulnerability in Boords, please email hello@boords.com. We will acknowledge your report and work in good faith with you to resolve it. Please give us a reasonable window to investigate and fix the issue before any public disclosure.
Questions
For anything else, email hello@boords.com and we will respond.