How FTPix Keeps Your Photos Safe: Our Security Architecture

Your Photos Are Your Livelihood — We Take That Seriously

As a photographer, your photos are your most valuable asset. When you trust FTPix with them, we have a responsibility to keep them safe. This post explains exactly how we protect your photos at every stage — from upload to storage to delivery.

Encryption in Transit

Every photo uploaded to FTPix — whether from the mobile app, desktop app, or web browser — travels over TLS 1.3 encrypted connections. This means the data is encrypted from your device to our servers. No one can intercept or view your photos during transfer, not even on public WiFi networks.

• Mobile app: HTTPS with certificate pinning
• Desktop app: HTTPS with TLS 1.3
• Web upload: HTTPS with TLS 1.3
• WiFi FTP transfer (camera to phone): Local network only — photos never leave your local WiFi during this step. They are encrypted when uploading from the phone to cloud.

Secure Cloud Storage

Photos are stored in enterprise-grade cloud storage with multiple layers of security:

• Server-side encryption: All photos are encrypted at rest using AES-256 encryption
• Geographic redundancy: Photos are replicated across multiple data centers for durability
• 99.99% uptime SLA: Your photos are always accessible when you need them
• Automatic backups: Multiple backup copies ensure zero data loss

Gallery Access Controls

You have full control over who can see and download your photos:

Password Protection

Set a password on any gallery. Visitors must enter the password before seeing any photos. Change or remove the password anytime from your dashboard.

Expiration Dates

Set an expiration date on galleries. After the date, the gallery becomes inaccessible. This is useful for time-limited client previews or event galleries that should only be available for a specific period.

Download Controls

Choose whether visitors can download individual photos, the full gallery, or view only (no downloads). You can change this anytime.

Watermarking

Add a visible watermark with your logo on all downloaded photos. The watermark is applied on-the-fly, protecting your originals while letting clients preview the gallery.

AI Face Search Privacy

AI Face Search is our most powerful feature, and we built it with privacy as the top priority:

• Face vectors, not photos: We store mathematical representations (vectors) of faces, not actual face images. These vectors cannot be reverse-engineered into photos.
• Event-scoped: Face data is only used within the specific event gallery. We never cross-reference faces across different photographers or events.
• No third-party sharing: Face data is never shared with any third party. We do not sell, license, or share your data.
• Automatic deletion: When you delete an event, all associated face data is permanently deleted within 24 hours.
• Selfie searches are ephemeral: When a guest takes a selfie for Face Search, the selfie is processed in memory, used for matching, and immediately discarded. We do not store guest selfies.

Account Security

• Hashed passwords: Your account password is stored using bcrypt hashing. Even if our database were compromised, passwords cannot be recovered.
• Session management: Sessions expire after inactivity. You can sign out of all devices from your account settings.
• API token security: API tokens for the desktop and mobile apps are generated with secure random bytes and can be revoked anytime.

What We Will Never Do

1. We will never look at your photos unless you explicitly report an issue and ask us to investigate
2. We will never sell or share your data with advertisers, analytics companies, or anyone else
3. We will never use your photos in our marketing without your written permission
4. We will never hold your photos hostage — you can export and delete everything anytime

Questions About Security?

If you have any questions about how we protect your data, email us at [email protected]. We are happy to go into more detail about any aspect of our security architecture.