Glossary
The concepts behind a secure digital marketplace, in plain language.
Preview
A deliberately degraded, watermarked version of a product that anyone can see before buying. Generated from the master and safe to expose publicly.
Master
The real deliverable a buyer receives after paying. It lives in a private bucket and is never given a public URL.
Preview → Pay → Download
Vaultmark's core flow. You can browse and preview freely, but the master is only released after a payment is verified on the server.
Trust boundary
The line between “anyone can look” and “only a paying buyer can fetch.” Money changes hands at this boundary, and the download right is granted by the server, not the browser.
Signed URL
A temporary, cryptographically signed link that grants access to a single private file for a short window (e.g. two minutes for a master, an hour for a preview).
Webhook
A signed message Stripe sends our server when a payment completes. The download is unlocked by this verified webhook — never by the buyer landing on a success page.
Idempotent
An operation that's safe to repeat. Our payment webhook is idempotent, so a replayed event can't grant a download twice or double-count an order.
Watermark
Text or marks overlaid on a preview to make it unsuitable for real use, protecting the creator while still showing buyers what they'd get.
RLS (Row-Level Security)
Database rules that ensure each user can only read or change their own rows. Creators manage only their products; buyers see only their own orders.
Download window
The limited time and number of downloads a buyer gets after purchase. Links expire and are capped to prevent unlimited redistribution.
BAA (Business Associate Agreement)
A contract required for handling protected health information under HIPAA. Our HIPAA-tier claim is gated behind signed BAAs with every data processor.
Master vs preview path
Two separate storage locations. Only the preview is ever served to the public; the master path is written and read solely by trusted server code.