SECURITY

The local machine is the default trust boundary.

Forge is designed to automate media work without turning the application into another place that stores the user’s entire archive.

01

Local media processing

File discovery, verification and organization are designed to run during ingest on the user’s workstation. Original media is not uploaded to Forge-operated storage as part of ordinary ingest.

02

User-directed delivery

A connected platform receives media only when the user selects that destination and starts the relevant action.

03

Source-safe culling

Native culling stores unreviewed, selected and rejected state inside Forge without changing ratings, flags, labels, EXIF, IPTC, embedded XMP or source files.

04

Database-backed duplicate checks

Forge uses internal fingerprints and file evidence for duplicate protection. It does not depend on writing Forge-specific metadata into original media.

05

Purpose-limited authorization

Production integrations are designed to request only the provider permissions required for the selected action.

06

Revocable connections

Available integrations will support disconnection in Forge and independent revocation through the provider’s account-security controls.

INTEGRATION SECURITY

OAuth secrets do not belong in workflow files.

Forge Flow files describe workflow behavior. They should not contain account passwords, OAuth client secrets or reusable access credentials. Account authorization is handled separately from portable workflow configuration.

Production integrations are designed to use HTTPS, provider-issued authorization flows and secure operating-system credential storage. Forge will update this page as controls move from design into release validation.

REPORT A SECURITY ISSUE

Send a clear description and reproducible steps.

security@forge-media.net