Security & Data Protection
Defense-in-depth so families can enjoy previews without compromising privacy. Originals never touch the public web.
How it works
- On-prem hosting in a hardened DMZ with reverse proxy and WAF.
- Network segmentation (VLANs): Admin (10), Production (20), Secure Storage (30), Guest (40), Payment (50).
- Editors save projects to Secure Storage; production PCs have default-deny internet egress.
- Client portal serves watermarked thumbnails only; originals remain offline.
- Payments handled by a certified processor; no card data stored locally.
Policies that protect families
- Unique token + login per family; QR codes contain no personal data.
- Short-lived, one-time links if digital delivery is approved.
- 3-2-1 backups (with encrypted offsite copy) and quarterly restore drills.
- Role-based admin portal with MFA and SIEM logging.
- Strict retention: archives are created on schedule; any release of images requires approval.
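The "short-lived, one-time links" item above can be implemented without storing anything personal in the URL. The following is an added example, not the studio's own code: the link carries an opaque family token, an asset id, an expiry and a random nonce, all authenticated with HMAC-SHA256 so a tampered link fails verification, and the server records each nonce on first use so the link cannot be replayed. The function names, the token layout and the service labels are assumptions made for this illustration.

```python
"""Short-lived, single-use delivery links (added example; not the studio's code)."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional, Tuple

# Constructed for the example; a real deployment loads the key from a secrets store.
SERVER_KEY = secrets.token_bytes(32)


def _b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_link(family_token: str, asset_id: str, ttl_seconds: int = 600,
               now: Optional[float] = None, key: bytes = SERVER_KEY) -> str:
    """Build a 'payload.signature' link for one asset that expires after ttl_seconds."""
    now = time.time() if now is None else now
    payload = {
        "f": family_token,           # opaque per-family token: no names, no emails
        "a": asset_id,
        "exp": int(now) + ttl_seconds,
        "n": secrets.token_hex(16),  # random nonce that makes the link single-use
    }
    body = _b64u(json.dumps(payload, sort_keys=True, separators=(",", ":")).encode())
    sig = _b64u(hmac.new(key, body.encode("ascii"), hashlib.sha256).digest())
    return f"{body}.{sig}"


class LinkRedeemer:
    """Verifies links and enforces single use.

    The redeemed-nonce set lives in memory here; in production it would be a
    shared store whose entries expire together with the links.
    """

    def __init__(self, key: bytes = SERVER_KEY):
        self._key = key
        self._redeemed = set()

    def redeem(self, link: str, now: Optional[float] = None) -> Tuple[bool, str, Optional[dict]]:
        """Return (ok, reason, payload); payload is only returned when ok is True."""
        now = time.time() if now is None else now
        try:
            body, sig = link.split(".", 1)
            body_bytes = body.encode("ascii")
            given = _b64u_decode(sig)
        except ValueError:  # also covers binascii.Error and UnicodeEncodeError
            return False, "malformed", None
        expected = hmac.new(self._key, body_bytes, hashlib.sha256).digest()
        # Signature is checked first so unauthenticated input never touches the nonce store.
        if not hmac.compare_digest(expected, given):
            return False, "bad_signature", None
        payload = json.loads(_b64u_decode(body))
        if now >= payload["exp"]:
            return False, "expired", None
        if payload["n"] in self._redeemed:
            return False, "already_used", None
        self._redeemed.add(payload["n"])
        return True, "ok", payload


if __name__ == "__main__":
    redeemer = LinkRedeemer()
    link = issue_link("fam-7f3a", "asset-0042", ttl_seconds=600)
    print(redeemer.redeem(link)[:2])   # first use succeeds
    print(redeemer.redeem(link)[:2])   # second use is refused
```

Checks run in the order signature, expiry, single use, so a forged link is rejected before anything is decoded and an expired link never consumes a nonce. The expiry is carried inside the signed payload rather than looked up, which keeps the server stateless apart from the small set of redeemed nonces.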
Traffic flow (simplified)
Internet → [Reverse Proxy + WAF in DMZ] → [Web/App Server]
                                                 ↓ (RO thumbnails only)
                                        [Secure Storage VLAN 30]
Editors/Photographers (VLAN 20) → Save originals to Secure Storage
Backups (VLAN 10) ← pull from Storage (3-2-1 policy)
Network Architecture Overview
VLAN Segmentation
Five isolated network segments ensure proper separation of duties and access controls.
Firewall Protection
Default-deny policies with explicit allow rules for required traffic only.
Secure Storage
Isolated storage VLAN with read-only access for web services and controlled write access for editors.
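The traffic-flow diagram and the segmentation, firewall and storage notes above describe a default-deny policy with a handful of explicit allows. The following is an added example, not the studio's firewall configuration: a small policy model that denies any flow not on the allow list, plus an audit routine that flags rules which would violate the invariants the page states (no internet egress from production, write access to storage only from the editors' VLAN, internet traffic stopping at the DMZ). The zone names "internet" and "dmz", the placement of the web/app server in the DMZ, the guest-to-internet allow and the service labels are assumptions made for the illustration.

```python
"""Default-deny inter-VLAN policy model (added example; not a real firewall's syntax)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Zones as the page lists them (VLAN ids), plus two assumed perimeter zones:
# "internet" (untrusted) and "dmz" (reverse proxy + WAF and the web/app server).
ZONES = {"internet": None, "dmz": None, "admin": 10, "production": 20,
         "storage": 30, "guest": 40, "payment": 50}


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    service: str  # assumed labels: "https", "storage-ro", "storage-rw"


# The explicit allow list. Anything not matched here is denied (default deny).
ALLOW_RULES = (
    Rule("internet", "dmz", "https"),             # public clients reach proxy + WAF only
    Rule("dmz", "storage", "storage-ro"),         # web tier reads watermarked thumbnails only
    Rule("production", "storage", "storage-rw"),  # editors save originals
    Rule("admin", "storage", "storage-ro"),       # backup host pulls from storage (3-2-1)
    Rule("guest", "internet", "https"),           # assumed: guest Wi-Fi gets internet only
)


def evaluate(src: str, dst: str, service: str,
             rules: Tuple[Rule, ...] = ALLOW_RULES) -> Tuple[str, Optional[Rule]]:
    """Return ("allow", rule) for a listed flow, otherwise ("deny", None).

    Unknown zones are denied as well, so a typo in a rule never widens access.
    """
    if src not in ZONES or dst not in ZONES:
        return "deny", None
    for rule in rules:
        if (rule.src, rule.dst, rule.service) == (src, dst, service):
            return "allow", rule
    return "deny", None


def audit(rules: Tuple[Rule, ...] = ALLOW_RULES) -> List[str]:
    """Flag rules that contradict the invariants stated in the traffic-flow diagram."""
    findings = []
    for r in rules:
        if r.src == "production" and r.dst == "internet":
            findings.append(f"production egress to internet: {r}")
        if r.dst == "storage" and r.service == "storage-rw" and r.src != "production":
            findings.append(f"write access to storage from outside the editors' VLAN: {r}")
        if r.src == "internet" and r.dst != "dmz":
            findings.append(f"internet traffic reaches past the DMZ: {r}")
        if r.src == "guest" and r.dst != "internet":
            findings.append(f"guest network reaches an internal zone: {r}")
        if r.src not in ZONES or r.dst not in ZONES:
            findings.append(f"rule references an unknown zone: {r}")
    return findings


if __name__ == "__main__":
    for flow in [("internet", "dmz", "https"), ("production", "internet", "https"),
                 ("dmz", "storage", "storage-rw"), ("guest", "storage", "storage-ro")]:
        print(flow, "->", evaluate(*flow)[0])
    print("audit findings:", audit())
```

Running `audit()` against a proposed rule set before it is deployed turns the page's stated invariants into a check that fails loudly when someone adds, say, a read-write rule from the DMZ to storage "just for testing".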
Compliance & Standards
Data Protection
- COPPA compliance for school photography
- PCI DSS Level 1 payment processing
- SOC 2 Type II security controls
- NIST Cybersecurity Framework alignment
Operational Security
- 24/7 security monitoring and alerting
- Quarterly penetration testing
- Annual security awareness training
- Incident response procedures