Security Overview
How we protect your memories and data.
At Restory, we understand that photographs are deeply personal. We have engineered our platform from the ground up with security and privacy in mind, utilizing enterprise-grade infrastructure.
Encryption at Rest and in Transit
All data transmitted between your browser and our servers is encrypted using modern TLS 1.3 encryption. Your photos and database records are securely stored in Google Cloud data centers using AES-256 encryption at rest.
Strict Access Controls
Your data is protected by Firebase Security Rules. You can only access your own photographs and account details. No other user can view your uploaded or restored images.
No Model Training
We use OpenAI's API to process your images. OpenAI strictly guarantees that images transmitted via their API are never used to train their AI models. The images are processed in memory and are discarded after a brief retention period (for abuse prevention).
Payment Security
We do not store your credit card details. All payment processing is handled by Paddle, our PCI-DSS compliant Merchant of Record, meaning your sensitive financial data never touches our servers.
Certifications & Compliance
Restory runs entirely on Google Cloud Platform and Firebase, which comply with strict international security standards including ISO 27001, SOC 1/2/3, and GDPR.
Transparency Note: While our infrastructure providers undergo rigorous independent audits (e.g., SOC 2, penetration testing), Restory itself as a startup has not yet completed a dedicated third-party SOC 2 audit or external penetration test. We rely on the proven security frameworks of our cloud partners.