The Fashion Week Blueprint
FWB TrustSELF-VERIFIED · MAY 26, 2026

Trust Center

How we protect the data members and their customers entrust to us, stated plainly. Where something is committed but not yet in place, we say so.

Last verified: May 26, 2026

Overview

The Fashion Week Blueprintis a single-tenant-per-organization platform for fashion event producers. Our security rests on a small set of SOC 2 / PCI-certified infrastructure providers, defense-in-depth at the application layer (row-level security, authenticated server-only data access, signed tokens), and a documented, multi-tier backup posture. Most personal data on the platform belongs to each member's business and is controlled by that member; we act as their processor for it.

Security & privacy practices

Security

  • Encryption everywhere: TLS 1.2+ in transit and AES-256 (or equivalent) at rest. Cold backups are additionally encrypted client-side before they ever leave our pipeline.
  • Multi-factor authentication is available to all account users through our authentication provider.
  • Least-privilege data access: sensitive tables enforce row-level security, and all reads and writes flow through authenticated server routes that check organization scope and role-based permissions before touching data.
  • Vulnerability management: secrets are kept out of source control and stored in the hosting platform's encrypted environment, with a documented key-rotation protocol.
  • A documented, three-tier database backup posture plus weekly content backups, with an encrypted-archive recovery drill that has been executed and verified end-to-end.

Privacy

  • GDPR-aligned: lawful-basis framework, Standard Contractual Clauses for cross-border transfers, and a clear controller / processor split.
  • CCPA/CPRA-aligned controls for California residents, with support for other US state privacy frameworks.
  • 72-hour breach notification commitment from the time we become aware of a qualifying incident.
  • A documented data-subject-rights mechanism (access, correction, deletion, portability) with response timelines tracked against applicable law.
  • Retain-on-delete for legal records only: when an account is deleted, evidentiary records are pseudonymized rather than destroyed; operational data is removed.

Built on trusted infrastructure

The Fashion Week Blueprint is built on infrastructure providers with industry-recognized security certifications:

SupabaseDatabase, authentication, and storage — maintains SOC 2 Type II.
VercelApplication hosting and edge delivery — maintains SOC 2 Type II.
StripePayment processing — PCI DSS Level 1. Card data never touches our systems.
CloudflareCold backup storage — SOC 2 Type II, with object-lock (WORM) compliance retention on production backups.

We name our providers rather than display their logos, to avoid implying any endorsement by them.

Our certifications

Fashion Week Blueprint LLC does not yet hold independent third-party security certifications. We state this plainly rather than imply otherwise. The following commitments are in place:

  • SOC 2 Type II certification (or an ISO 27001 equivalent independent attestation) within twelve months of our first Enterprise subscription, per Member Terms of Service §18.6(f)(iii). The platform is pre-launch with no Enterprise subscriptions yet, so that clock has not started.
  • Cyber liability insurance: in evaluation.
  • Periodic third-party penetration testing: committed, planned ahead of the first Enterprise engagement; not yet conducted.

The security baseline these will attest to is already our operating standard, described in our Privacy Policy Section 8.

Privacy controls

  • 72-hour platform-wide breach notification from the time we become aware of a qualifying incident.
  • GDPR-aligned data-subject rights with documented response timelines (one month under GDPR, 45 days under CCPA, with extensions where permitted).
  • Support for California, EU, and other US-state privacy frameworks.

Full detail lives in our Privacy Policy.

Sub-processors

We maintain a current, public list of every third-party service that may process personal data on our behalf, including its purpose and location of processing.

See our Sub-processors list.

Reporting a security issue

If you discover a security vulnerability, please report it to security@fashionweekblueprint.com. We respond to all security reports within 5 business days. Please give us a reasonable opportunity to investigate and remediate before any public disclosure.

Requesting security information

For specific security questions, or to request a response to a security questionnaire, contact privacy@fashionweekblueprint.com.

Legal documents and versions

The current published version of each binding agreement and policy. Versions are sourced from a single source of truth in the codebase, so what appears here always matches what the platform serves.

Last verified: May 26, 2026. We review this posture on a quarterly cadence and on any material infrastructure change. Continuous, automated re-verification of backup freshness, recovery-drill cadence, and dependency alerts is on our roadmap.