Security
Last updated July 4, 2026
Keeping your work, your account and your form respondents' data safe is a priority. Here's a plain-language overview of how we protect it and what you can do on your side.
Encryption
All traffic between your browser and OneCraft is encrypted over HTTPS. Your content, uploads and form responses are stored on managed cloud infrastructure with encryption at rest.
Authentication
- Sign in with email and password, or with your Google account.
- Passwords are hashed: we never store them in plain text and can't see them.
- Sessions are handled by our authentication provider and can be signed out at any time.
Payments
Card payments are processed by Stripe, a PCI-DSS certified provider. Full card details go straight to Stripe and are never stored on our servers.
Access and infrastructure
Your content is isolated to your account, and access to production systems is limited to what's needed to operate and support the service. We rely on established cloud providers whose data centres carry industry-standard security certifications.
Sharing controls
Sharing is under your control. A presentation, document or form is private until you publish it, and a public link or embed can be turned off whenever you want. Forms include access controls so you decide who can open them. Anything you make public can be seen by anyone with the link, so share deliberately.
Your data, your control
- Delete any presentation, flyer, form, document or video from your dashboard at any time.
- Delete all your content, or your whole account and its data, from Settings: Security.
What you can do
- Use a strong, unique password, or sign in with Google.
- Keep your email account secure, since it can reset your password.
- Sign out on shared devices, and turn off public links you no longer need.
Reporting a vulnerability
If you believe you've found a security issue, please tell us right away at hi@onecraft.app. We appreciate responsible disclosure and will look into every report.