NEXCUE
Security & Trust

Built to never
drop a cue.

Live production has zero tolerance for "the cloud is down". NEXCUE is engineered so the runtime that fires your cues runs on your machine, with a cloud companion you can opt into — never depend on. Here's how we treat your data, your shows, and your trust.

Offline-first by design

NEXCUE Studio runs fully on your machine. The runtime that fires cues never depends on the cloud. If the internet drops mid-show, the show keeps running.

Encryption in transit & at rest

All cloud traffic uses TLS 1.2+. Data at rest in Supabase Postgres is encrypted. Backups are managed and encrypted by the platform.

Signed licensing

License entitlements are cryptographically signed by our license server. Tampering invalidates the signature. Activations are bound to a machine ID with offline grace.

Project ownership stays yours

Showfiles are portable. Sync to cloud is opt-in per project. You can export a full project at any time and keep working without us.

EU-hosted infrastructure

The marketing site, dashboard and license API are deployed on Vercel's EU edge. Database is Supabase EU. Stripe/FastSpring handle payments — we never store card data.

Privacy by default

We ask only for what's needed to run the workspace: email, optional team data. No tracking pixels, no third-party ad networks. Cookies are functional unless you opt in.

Data handling

What we store, where, and why.

Data
Where
Provider
Region
Showfile (rundowns, cues)
Your device
Local filesystem
Cloud project metadata (opt-in)
Database
Supabase Postgres
EU
Account / auth
Auth service
Supabase Auth
EU
Payments
Payments
FastSpring
Global PCI-DSS
Site & dashboard hosting
Edge / CDN
Vercel
EU edge
License signing
API
NEXCUE License Server
EU edge
FAQ

Common questions.

Where is my data stored?

Showfiles live on your machine. When you opt-in to cloud sync, project metadata (rundowns, cues, configurations — not bulky media) is stored in our Supabase Postgres in the EU. Account data (email, profile) is also EU-hosted.

Can I export everything if I cancel?

Yes. Every project can be exported in our open format at any time. Cancellation gives you a 30-day window to download cloud projects before they're scheduled for deletion.

Do you sell or share my data?

No. We don't sell user data, we don't share with ad networks, and we don't run third-party analytics. Service providers (Supabase, Vercel, FastSpring) process data only to deliver the service.

Are payments handled securely?

Yes. Payments go through FastSpring (PCI-DSS Level 1). NEXCUE never sees card numbers and never stores them.

What about GDPR / data subject requests?

We honor GDPR rights: access, rectification, deletion, portability. Email security@nexcue.io and we'll respond within 30 days.

How do you handle production outages?

Show-critical workflow runs on the desktop runtime, so a cloud outage cannot stop a live show. Cloud incidents are tracked and we publish notable incidents on our status page (in setup).

Responsible disclosure

Found a vulnerability?

We take security reports seriously. Email security@nexcue.io with steps to reproduce. Please give us reasonable time to triage and patch before public disclosure. We'll acknowledge within 72 hours.

PGP key and full security policy will be published on this page as we expand the disclosure program.
Privacy Policy Terms of Service Contact us
GDPR-aligned

Data subject rights honored. EU-hosted by default.

No vendor lock-in

Open showfile format. Full export at any time.

Live-show safe

Critical path is local. Cloud is companion, not dependency.