Security & Privacy

🔐 Core Security Principles

1. Your Server, Your Data

MuseSecure Pro runs entirely on your WordPress installation. This means:

• ✅ Your screenplays never touch our servers
• ✅ You have complete control over your data
• ✅ No third-party storage or cloud services
• ✅ You decide who has access

2. Zero Data Retention (ZDR)

Only selected excerpts are sent to AI providers, never your full screenplay:

• ✅ You manually select text to analyze (typically 1-4 pages)
• ✅ Full screenplay stays on your server
• ✅ ZDR headers prevent AI training on your data
• ✅ Complete audit trail of all transmissions

3. Encryption Everywhere

Multiple layers of encryption protect your work:

• API Keys: AES-256-CBC encryption
• File Storage: Non-public directory with .htaccess protection
• Database: WordPress security + encrypted sensitive data
• Transmission: HTTPS/TLS for all API calls

🛡️ Technical Security Measures

File Storage Security

API Key Encryption

Version Tracking with SHA256

Every uploaded screenplay is hashed for integrity verification:

• SHA256 hash generated on upload
• Stored in version tracking table
• Detects any file modifications
• Ensures screenplay integrity

🔍 Data Transmission Audit Trail

Every AI analysis request is logged:

🚫 What We DON’T Do

• ❌ Store your screenplay on external servers
• ❌ Send your full screenplay to AI providers
• ❌ Share your data with third parties
• ❌ Use your screenplay for training AI models
• ❌ Track or analyze your writing habits
• ❌ Collect analytics beyond basic WordPress data

✅ What We DO

• ✅ Encrypt API keys with military-grade encryption
• ✅ Store files in protected, non-public directories
• ✅ Send only selected excerpts to AI (with your permission)
• ✅ Maintain complete audit trail of all transmissions
• ✅ Use ZDR headers to prevent AI training
• ✅ Hash files for integrity verification
• ✅ Follow WordPress security best practices

🔒 Best Practices for Users

Recommended Security Setup

1. Use HTTPS: Ensure your WordPress site has an SSL certificate
2. Strong Passwords: Use unique, complex passwords for your account
3. Limited Access: Only give screenplay editing permissions to trusted users
4. Regular Backups: Back up your database and uploads directory
5. Keep Updated: Update MuseSecure Pro and WordPress regularly
6. Enable ZDR: Keep Zero Data Retention enabled in Settings

What to Select for Analysis

To minimize data transmission while maximizing feedback quality:

• ✅ Select 1-4 pages at a time (optimal)
• ✅ Choose complete scenes or sequences
• ✅ Include enough context for AI to understand
• ❌ Don’t send your entire screenplay at once
• ❌ Avoid selecting random fragments

📋 Compliance & Standards

Data Protection

• GDPR Compliant: User data control and deletion
• WordPress Standards: Follows all WP security guidelines
• Industry Standards: AES-256, SHA256, TLS encryption

Intellectual Property Protection

• Copyright: Your screenplay remains 100% yours
• Confidentiality: No sharing or disclosure
• Audit Trail: Complete record of what was transmitted

❓ Frequently Asked Questions

Can the AI provider see my full screenplay?

No. Only the text excerpts you manually select are sent. Your full screenplay never leaves your server.

Is my API key safe?

Yes. API keys are encrypted with AES-256-CBC using your WordPress SALT constants. They’re only decrypted in memory during API calls.

Where are my screenplays stored?

In a protected directory on your WordPress server: /wp-content/uploads/musesecure-secure/. This directory is protected by .htaccess and not accessible via web browser.

Can I delete my data?

Yes. You have complete control. Delete screenplays from your dashboard, and all associated data is removed from your server.

What happens if I deactivate the plugin?

Your screenplays and settings remain in the database. Reactivating the plugin restores full functionality. To completely remove data, use the uninstall option.