Security

BASS MASTERING Security and Privacy Model

BASS MASTERING’s security model separates the public SEO site from the mastering app, keeps core audio processing local-first where possible and avoids publishing sensitive DSP/IP details in public content.

Key takeaways

Public site vs app layer

The public site contains crawlable marketing, guides, glossary and research pages. The app is served directly at the root domain, while SEO/GEO pages remain under explicit content paths so audio processing, workers and WASM can use app-specific headers without slowing every content page.

What is not published

Public SEO/GEO pages must not include rule weights, proprietary thresholds, source maps, private signing keys, internal tokens or unpublished customer audio.

Responsible disclosure

Security reports should be directed to a controlled contact channel. Do not publish exploit steps, keys or proof-of-concept details in public content.

Telemetry boundary

Analytics and performance monitoring must not include audio content. Any telemetry should be opt-in or privacy-reviewed before launch.

FAQ

Does BASS MASTERING publish source maps?

Production source maps are disabled for public deployment.

Is robots.txt used for security?

No. robots.txt is not a security boundary; private files must not be deployed publicly.

Master AI-generated music with fifteen automatic outputs

Run a local-first analysis, receive five Impact, five Middle and five Refined finished outputs, compare raw-original A/B and export the selected release-ready master with BASS MASTERING.

Open BASS MASTERING app