pencild
For Artists For Studios
Pricing News
Log in Start your free trial

Professional-grade security

How pencild protects your client data with encryption and access control.

← Back to Help Centre

Encryption

How pencild protects your sensitive information.

Yes! pencild uses strong encryption to protect your sensitive information.

Encrypted fields include:

  • Email content (subject, body, snippets)
  • Phone numbers
  • Physical addresses
  • Personal notes
  • Financial information (costs, deposits)
  • Instagram message content
  • OAuth tokens (email, Instagram connections)

How encryption works:

  • Each user has their own unique encryption key
  • Your encryption key is itself encrypted with a master key
  • Data is encrypted before being stored in the database
  • Only your account can decrypt your data

What this means for you:

  • Even if our database were compromised, your data remains unreadable
  • Our staff cannot read your personal client information
  • Your data is protected at rest and in transit

Yes! Even though your emails and data are encrypted, you can still search through them.

How encrypted search works:

pencild uses a technique called HMAC-SHA256 tokenisation. This creates searchable "tokens" from your content without exposing the actual data.

You can search by:

  • Email subject lines
  • Sender names and addresses
  • Content within email bodies
  • Client names and contact info

Your data stays secure while remaining searchable – you get the best of both worlds.

Data Access

Who can see your data and how access is controlled.

Your personal data: Only you can see and access your personal account data.

If you're in a studio:

  • Studio owners can see studio-level data and data assigned to the studio
  • Artists can see data specifically assigned to them
  • Your personal data (personal email, personal clients not assigned to studio) remains private

Data isolation:

  • Every database query is scoped to your user account
  • Cross-user data access is technically impossible
  • Studio data is isolated from other studios

Yes! OAuth tokens for your connected services (email, Instagram) are heavily protected.

How tokens are stored:

  • Tokens are encrypted with your personal encryption key
  • Encrypted tokens are stored in the database
  • Never stored in plain text or logs

Token refresh:

  • Instagram tokens expire after 60 days
  • pencild automatically refreshes tokens 10 days before expiration
  • You don't need to reconnect manually

If you disconnect an account:

  • Tokens are immediately invalidated
  • Encrypted token data is removed
  • The external service no longer has a valid connection

Deletion & Export

How to delete your data and export everything you own.

Soft delete (recoverable):

When you delete records (clients, projects, etc.):

  1. The data is marked as "deleted" but not removed
  2. It's hidden from all normal views
  3. Data is retained for 30 days
  4. During this period, you can contact support to recover it
  5. After 30 days, permanent deletion occurs automatically

Permanent deletion:

  • Happens automatically 30 days after soft delete
  • Also occurs 30 days after account cancellation
  • Once permanently deleted, data cannot be recovered

Why soft delete:

  • Protects against accidental deletion
  • Allows recovery if you change your mind
  • Maintains data integrity for related records

Yes. You can export your data at any time.

This is fundamental to pencild's philosophy:

Your clients, your records, your files. They're yours. You should always be able to take them with you.

This is part of what makes pencild different from studio-controlled software – your data is portable, and you're never locked in.

Related Topics

Email & Instagram

How connected accounts are secured

Billing & Account

Account cancellation and data retention