Your assets are your product. We treat them that way.
Encryption, signed delivery, scoped keys, and isolated spaces, on every plan, including the free one.
Encrypted, everywhere
Every request runs over TLS, and assets are encrypted at rest in durable object storage. There is no plaintext path through the platform.
Signed URLs & access tiers
Every asset is public, private, or authenticated, your choice. Private and authenticated delivery is gated by time-limited, HMAC-signed URLs.
Scoped API keys
API keys are scoped to a single space, so a leaked key can never reach beyond it. Rotate or revoke any key instantly from the dashboard.
Two-factor accounts
Protect your account with one-time-password 2FA. Sessions are managed per device and can be revoked the moment something looks wrong.
Isolated spaces
Every space is isolated at the storage and access-control layer. Your assets, members, keys, and settings never bleed into another tenant.
Deletes you can undo
Deleted assets pass through a trash window before permanent removal, so a bad script or a wrong click is recoverable, not catastrophic.
Your assets
Files you upload stay yours, in every sense. Originals live in durable object storage and are only processed to produce the transforms you request. Access types are enforced on every request: public assets are cached at the edge, private originals require a valid signature, and authenticated assets are never publicly cached at all. You can export everything through the API at any time; there is no lock-in by design.
Your users' content
Assets delivered through the CDN set no cookies and carry no trackers; your users receive the file and nothing else. Face detection runs only when a transform asks for it, returns crop coordinates rather than identities, and is never used to recognise or profile anyone. For personal data inside uploads, you stay the controller and Tuzzle acts strictly as your processor under the Data Processing Addendum.
Your account and team
Accounts support one-time-password two-factor authentication and per-device session management. Spaces have role-based access (owner, admin, user, viewer), so teammates get exactly the access their job needs, and invitations can be revoked before or after acceptance. Activity inside a space is logged, so you can see who did what.
Our side of the deal
Internally we follow least-privilege access: production data is reachable only by the people and services that operate it. Infrastructure is monitored, secrets are scoped and rotated, and webhook payloads are signed so you can verify they came from us. We are a small team, which cuts both ways, so we keep the attack surface small too.
Found a vulnerability?
We want to hear about it before anyone else does. Email [email protected] with the details and steps to reproduce. We will acknowledge your report quickly, keep you updated while we fix it, and credit you if you would like. Researchers acting in good faith will never face legal action from us for their research.
For how we handle personal data, see the Privacy Policy and the Data Processing Addendum .
Start delivering faster media today.
Free to start, no credit card. Be up and running with your first transform URL in minutes.