Your Footage. Your Data. Your Control.
Fableform is built for professional filmmakers working with sensitive pre-release content. We've designed our architecture to give your creative work maximum privacy while keeping the platform features that make production work possible.
Your creative content stays on your local device. Screenplays, video and audio assets, image references, and your project's working files are stored in a local database on your machine. Our servers do not store these files.
What lives on our servers, by design, is the coordination layer needed to run the platform:
This hybrid design keeps your finished creative work on your device while letting the platform handle billing, audit, continuity, moderation, and collaboration.
When you initiate a generation, your prompt and any reference images transit through our API pipeline to the AI provider you have selected. Generated outputs return through the same pipeline and are temporarily cached on our servers for up to one hour, after which they are automatically deleted by a background sweeper. Generated output files are not persistently stored on our servers.
Your prompt and a record of the generation (provider, timestamp, cost, outcome) are retained in the generation audit log described above.
Beta participants are subject to the data retention terms set out in their Beta Agreement, which govern the retention of generation records during the beta period.
Fableform does not use your content to train AI models.
We contract with our AI generation providers on a no-training basis and work to maintain Data Processing Agreements with each provider that reflect this principle. We continue to negotiate, update, and expand these protections as we add or evaluate new providers.
If you would like to know which AI providers are currently engaged for your generation requests, or to limit your generations to a specific subset of providers, contact us at privacy@fableform.ai.
Authentication uses JWT-based access and refresh token pairs with proactive refresh on the client. Access tokens expire after 24 hours; refresh tokens after seven days. Token handling and refresh logic are managed by our authentication service.
Project access is controlled by role-based permissions: owner, admin, collaborator, and viewer at the project level; owner, admin, and member at the team level. Access controls are being actively hardened ahead of public beta.
Data stored on our servers is protected by infrastructure-level disk encryption provided by our hosting platform. API requests are encrypted in transit using TLS, and WebSocket connections use TLS in production.
API keys and other provider secrets are stored outside version control in a dedicated secrets directory and loaded at runtime. We confirm regularly that no secrets are committed to our source repository.
Project files on your local device are protected by your operating system's disk-level encryption, such as FileVault on macOS or BitLocker on Windows. We recommend enabling full-disk encryption on any device you use to work in Fableform. Application-level encryption for the local project database is planned for our native desktop release.
Generation activity is logged with per-user, per-project granularity, including AI provider, prompt, cost, duration, and status. Application errors are captured in centralized backend logs, and our process manager automatically restarts services on failure. Centralized log aggregation and project activity audit trails are part of our pre-beta hardening work.
We have built infrastructure for on-chain IP attribution and royalty distribution using Thirdweb and 0xSplits on the Base network. This system is not yet active for production generations. When it goes live, on-chain registration will be opt-in and scoped to projects whose creators choose to register them.
If you discover a security vulnerability in Fableform, please report it to security@fableform.ai. We aim to acknowledge reports within 48 hours. We ask that you give us reasonable time to address the issue before public disclosure.
For security-related inquiries, DPA requests, or enterprise compliance questions: security@fableform.ai