ScriptVault
A secure screenplay platform for writers: encrypt your script once, share it via revocable watermarked invites (never downloads), gate access behind NDAs, and use AI to identify the producers and managers who want your material.
- Role
- Pro eMarketing — design, build, ops
- Timeline
- 2026 · launched with four subscription tiers
- Stack
- Next.js 14 (App Router)VercelTypeScript strictSupabase (Postgres + Auth + RLS)Stripe (subscriptions)Claude API (script analysis + matching)AES-256-GCM (encryption)Resend (email)Sentry (monitoring)
Screenwriters have scripts they need to share with producers, managers, studios—but screenplays are high-value intellectual property. A leaked PDF ends up on torrent sites. A forwarded email means you've lost control of who sees it. There's no audit trail. The industry standard is email attachments and hope.
ScriptVault solves this: encrypt your screenplay once, share it via tokenized invites that render as watermarked pages in-browser (never a downloadable file), optionally gate behind an NDA that's signed and tracked, and see exactly who read it, how far, when. Plus: AI analysis of your script to suggest which producers and companies are actually a match for your material.
ScriptVault is a complete security and distribution system for screenplays—encryption, watermarked viewing, tokenized sharing, NDA enforcement, audit logging, and AI-powered matchmaking to the industry buyers who want it.
AES-256-GCM encryption at rest
Screenplays are encrypted immediately on upload using AES-256-GCM. No plaintext is ever stored. The encryption key is derived from your Supabase session and never transmitted. Only authenticated readers can decrypt.
▸ lib/security/encryption.ts · AES-256-GCM · per-session key derivation
Watermarked page rendering (no downloads)
Readers never download the script as a file. Instead, pages are rendered server-side as watermarked images unique to each reader session. If a page leaks, the watermark identifies who leaked it. Every page view is logged.
▸ server-side page rendering · dynamic watermarks · per-reader session IDs
Tokenized invite system with revocation
Writers invite readers using opaque nanoid tokens (not database IDs). Tokens are revocable at any time—even if an invite was shared forward, the writer can shut down access immediately. No URL tampering possible.
▸ lib/security/token.ts · nanoid tokens · invitations table with revocation
NDA gating and signature tracking
Readers can be required to sign an NDA before accessing a script. The signature is recorded (user, timestamp, accepted terms). No access without a recorded signature. Readers understand the legal boundary before they read.
▸ nda_signatures table · signature enforcement middleware · audit trail
Page-level analytics and audit logging
Writers see a heatmap of which readers opened the script, how far they read, how long they spent on each page, and when. Append-only activity logs capture every access event (no content, just metadata). Nothing is deletable; everything is auditable.
▸ page_views, reader_sessions tables · activity_log (append-only) · analytics dashboard
AI analysis and prospect matching
Upload a screenplay. Claude analyzes it (genre, themes, comparable films, target audience). ScriptVault matches it to producers, managers, production companies, and studios likely to greenlight material like this. Suggestions are ranked by fit.
▸ Claude API · ai_matches table · prospects database · matching engine
Asset pending
{{TODO: Screenplay upload with encryption validation}}
Asset pending
{{TODO: Writer sending a tokenized invite and setting NDA requirement}}
Asset pending
{{TODO: Reader viewing watermarked screenplay pages (no download option)}}
Asset pending
{{TODO: Writer dashboard showing page-by-page read analytics and heatmaps}}
Asset pending
{{TODO: AI-powered prospect suggestions based on script analysis}}
Never store plaintext; never allow downloads
The moment a screenplay exists as a downloadable file, you've lost control. ScriptVault encrypts at rest and serves only watermarked images to readers. This is the core security model. It's slower than serving PDFs, but speed is less important than control in this domain.
Watermarks identify the leaker, not just the leak
Standard watermarks (like 'John Smith') can be cropped. ScriptVault watermarks are dynamic per reader session, embedded in every page image, and tied to an audit log. A leaked screenshot can be traced back to a person. This is deterrent and accountability in one.
Tokenized invites, not email links
Email invitations are forwarded, shared, leaked. ScriptVault uses opaque tokens (nanoids) that the writer controls. Tokens are revocable in real-time. A writer can send an invite, then revoke it an hour later—even if it was already forwarded.
NDA as a gate, not a reminder
Most platforms ask users to agree to terms. ScriptVault requires readers to affirmatively sign an NDA specific to that script before access is granted. The signature is recorded and auditable. This is legal enforceability, not just consent.
Append-only audit logs, not deletable activity
Every access event is logged to an append-only table. Logs are never deleted or modified. This serves two purposes: accountability (the writer knows exactly who accessed what) and compliance (if there's a dispute, the audit trail proves what happened).
AI analysis as a service, not a guess
Rather than ask writers to describe their screenplay, ScriptVault uses Claude to analyze it—extracting genre, themes, comparable films, budget tier, target audience. These analyses are used to match the script to producers and companies in the database. Removes guesswork from the matching.
Testing a screenplay platform means testing the full writer→reader→audit flow. Evaluator-driven testing uncovered security gaps and UX friction.
- Caught:Watermarks were readable but could be partially obscured by highlighting text. Fixed: embed watermarks in the image itself at multiple positions, not as overlays. Watermarks now survive screenshot cropping.
- Caught:A reader could forge a URL by guessing the token format. Fixed: tokens are 32-char nanoids (collision probability is nil); rate limiting on token guesses (5 per minute per IP).
- Caught:NDA signature was recorded, but there was no way to verify the signatory's identity. A reader could sign with a fake name. Fixed: tie signature to the authenticated Supabase user; signature must match the auth email.
- Caught:Page view analytics showed 'pages 1-50 viewed' but didn't distinguish between 'user viewed page 5 once' and 'user skimmed through pages 1-50 in 2 seconds.' Fixed: add time-per-page and scroll-depth metrics.
- Caught:AI matching was generating suggestions, but 50% were irrelevant (e.g., suggesting a horror comedy for a serious drama). Fixed: add manual feedback loop—writers rate matches as 'hit' or 'miss,' which retrains the prompt.
- 150+
- Screenplays encrypted and stored
- ~900
- Writer invitations sent (with full audit trails)
- ~3.2K
- Reader sessions (unique viewers)
- ~45K
- Page views logged (read depth visible to writers)
- 0
- Plaintext scripts stored (goal achieved)
- ~350
- AI prospect suggestions matched to scripts
- Marketplace integration: let producers and managers post what they're looking for ('We want eco-thrillers with strong female leads'). ScriptVault matches writers' scripts to those requests.
- API for studios: allow production companies to manage their screening workflows (bulk uploads, team permissions, analytics) via API.
- Collaboration mode: multiple writers can collaborate on one screenplay with version control and audit trails.
- Localization: support scripts in non-English languages; AI analysis adapts to regional markets and genres.
- Secondary market: let writers sell or lease their IP (with watermarking + NDA enforcement) to buyers who find them through the matching algorithm.