Security
BASS MASTERING Security and Privacy Model
BASS MASTERING’s security model separates the public SEO site from the mastering app, keeps core audio processing local-first where possible and avoids publishing sensitive DSP/IP details in public content.
Key takeaways
- Marketing pages stay lightweight and crawlable.
- The app can use stricter headers and WASM-specific controls.
- Public documentation must not reveal secrets.
Public site vs app layer
The public site contains crawlable marketing, guides, glossary and research pages. The app is served directly at the root domain, while SEO/GEO pages remain under explicit content paths so audio processing, workers and WASM can use app-specific headers without slowing every content page.
What is not published
Public SEO/GEO pages must not include rule weights, proprietary thresholds, source maps, private signing keys, internal tokens or unpublished customer audio.
Responsible disclosure
Security reports should be directed to a controlled contact channel. Do not publish exploit steps, keys or proof-of-concept details in public content.
Telemetry boundary
Analytics and performance monitoring must not include audio content. Any telemetry should be opt-in or privacy-reviewed before launch.
FAQ
Does BASS MASTERING publish source maps?
Production source maps are disabled for public deployment.
Is robots.txt used for security?
No. robots.txt is not a security boundary; private files must not be deployed publicly.
Master AI-generated music with fifteen automatic outputs
Run a local-first analysis, receive five Impact, five Middle and five Refined finished outputs, compare raw-original A/B and export the selected release-ready master with BASS MASTERING.
Open BASS MASTERING app