PixLibre

Trust & architecture

How PixLibre is structured

A high-level map of layers—from structured content through media, experiences, commerce, and client delivery—plus the security, reliability, and operational posture serious studios ask about before they standardize.

Ready to go deeper? Browse our documentation for feature guides and setup detail—no subscription required to explore.

Scalable and reliable infrastructure for every site

Browsers and private object storage meet the CDN edge; HTTPS terminates on the PixLibre application on Google Cloud, which renders experiences and talks to Directus over a private path. Directus is not a public surface—PostgreSQL on Google Cloud SQL sits beside it—while Stripe, print, email, ads, and maps integrate as third-party APIs, with optional telemetry to Sentry.

Layered diagram: client and adjacent object storage connect into a full-width Cloudflare CDN strip; HTTPS enters a Google Cloud Network box where experiences sit left of the branded application; a horizontal flow links the application to Directus, then Directus to a dotted PostgreSQL Google Cloud SQL box; Sentry observability sits left of third-party vendor boxes below. A horizontal strip above the Object storage box (same width, lock icon left, two short lines with side padding) summarizes TLS in transit, encryption at rest on storage, and Turnstile on sensitive auth, with a small gap above the storage box.
Platform architecture: PixLibre on Google Cloud with experiences, Directus, PostgreSQL on Cloud SQL, CDN edge, object storage, third-party APIs, and SentryTLS in transit; encryption at rest on storage;Turnstile on sensitive auth.ClientBrowser · TLSObject storageR2 · Bunny.netCDN & edge · CloudflareHTTPSGoogle Cloud NetworkExperiencesSites · portals · PDPsPixLibreNext.js & APIs(GrapesJS · React)DirectusContent & config plane(Backend as a Service)PostgreSQLGoogle Cloud SQLObservabilitySentryThird-party applicationsStripeProdigiGelatoResendGoogle AdSenseStadia Maps

  • Browser · TLS

    Client

    Visitors and operators use modern browsers; transport is encrypted end to end for app traffic.

  • R2 · Bunny.net

    Object storage

    Private buckets and streaming-friendly paths for originals, derivatives, and video—before public URLs are minted at the edge.

  • Cloudflare

    CDN & edge

    Infrastructure support layer: caching, image routes, and edge delivery patterns aligned to your policies.

  • Sites · portals · PDPs

    Experiences

    Rendered and cached through the application tier—visitors do not call Directus directly; HTML and APIs are composed server-side before responses leave GCP.

  • Next.js & APIs

    PixLibre

    The product runtime on Google Cloud: server routes, APIs, uploads, commerce, and portals—surfaces combine GrapesJS and React where editors and blocks ship.

  • Content & config plane

    Directus

    Structured collections, permissions, and editorial workflows—not exposed on the public internet; the application tier mediates every read and write.

  • Google Cloud SQL

    PostgreSQL

    Relational storage for Directus and supporting services, provisioned as Cloud SQL inside the same private network posture.

  • HTTPS integrations

    Third-party APIs

    Stripe, print partners, Resend, ads, and maps attach at controlled seams with server-held secrets and CSP-aware embeds.

  • Sentry

    Observability

    Optional error telemetry where enabled—helps operators catch regressions without silent failures.

Uploads: images, video, PDFs, and documents—presigned where supported—create or update Directus records and storage keys before public URLs are minted.

Integrations & seams

Third parties attach with scoped keys, HTTPS, and CSP-aware embeds

Media & edge

  • Cloudflare R2Private object storage for images, PDFs, and originals; presigned uploads and least-privilege keys.
  • Bunny.netVideo pipeline—encoding and adaptive streaming paths used alongside still assets.
  • Cloudflare CDN & edgeCache-friendly public URLs, image resizing (`/cdn-cgi/image/`) where enabled, and edge-adjacent delivery patterns.
  • Image watermark workerOptional edge watermarking for public views when studio policy requires it.

Commerce & print

  • StripeCard-present checkout, tax, and webhooks for order lifecycle.
  • Stripe ConnectConnected accounts and destination charges where enabled—payouts stay aligned to seller identity.
  • ProdigiPrint-on-demand fulfillment API and quote flows.
  • GelatoAlternate print catalog and fulfillment integration.

Auth & email

  • ResendTransactional email delivery for invitations, receipts, and verification flows over HTTPS.
  • Cloudflare TurnstilePrivacy-friendly bot attestation on sensitive auth surfaces—reduces automated abuse without legacy CAPTCHA UX.

Maps & monetization

  • Google AdSenseOptional monetization embeds for publisher sites—loaded in sandboxed contexts with tightened CSP where configured.
  • MediavineProgrammatic ad network integration for eligible sites—script allowlists scoped to vendor hosts.
  • CarbonLightweight ad embed option with explicit script/connect/frame CSP guidance.
  • MapboxRaster tiles and geocoding when studios enable Mapbox-backed maps.
  • Stadia MapsRaster tiles alongside Mapbox and Carto options in map settings.

Observability

  • SentryOptional error telemetry in the dashboard app when operators enable it—helps catch regressions without shipping silent failures.

Third-party scripts for ads load in isolated embed contexts where the product enforces CSP guidance; secrets stay server-side; map and ad providers only receive the tokens you configure in settings.

Trust, stated as facts

Straightforward claims you can explore in a trial or demo, then cross-check in our documentation when you want the full picture.

Data security

Client data sits behind portal and delivery boundaries—rooms and delivery surfaces are not anonymous public URLs by default. Media ships through CDN-backed, cache-friendly URLs and private object storage so global delivery stays aligned with your access model.

Secure uploads

Presigned upload flows and least-privilege storage patterns keep your asset graph scoped to the right actors and surfaces.

Private client portals

Access codes, expirations, and download policy give you controls suited to high-trust delivery workflows.

GDPR compliance

Built with consent, access, and erasure in mind so your studio can meet GDPR-style expectations—your counsel can help you map this to your DPA and how you configure the workspace.

Billing & payments

Checkout follows Stripe-hosted payment patterns—the same approach paying clients already trust for card data.

Geo privacy

Control where work appears on maps and public surfaces so geography tells the story you want—and lines up with how you already talk to clients about location data.

Granular permissions

Dashboard permissions map to who may change commerce, the builder, portals, and client delivery surfaces.

Revocable access

Expiring links, download controls, and portal lifecycle patterns support studios that need to tighten or end access over time.

Security, reliability, and compliance

A closer look at how we protect creative work, keep delivery fast at scale, and respect privacy and vendor expectations—so you can compare options with confidence before you subscribe.

Studios deliver sensitive creative work every day. Client-facing delivery, what appears on the public web, and studio-side boundaries (roles, commerce, delivery) are separate concerns—each with the kind of depth you look for when a tool will hold your brand, your clients, and your revenue.

  • Branded client portals — Present work in a dedicated client experience with access codes, expirations, and download rules suited to high-trust delivery—not anonymous public links by default.
  • Geo privacy — Control how location shows up on maps and public surfaces, with sensible defaults for new work and per-portfolio refinement when geography is part of the story—or part of the risk.
  • Search visibility — Hide individual pages, posts, or entire portfolios from search engines when a launch, embargo, or private campaign requires it; metadata and discovery paths respect those choices.
  • Maintenance & pauses — Put the public site into maintenance when you need a clean window to ship a rebrand or major change—while your team keeps working behind the scenes.
  • Public imagery — Where supported, optional friction on casual saving or watermarking on high-value views helps protect hero work without turning the whole site into a vault.
  • Roles & invitations — Granular permissions for who can touch commerce, the builder, portals, and delivery—plus invitations and delegation so day-to-day work does not require full admin access.
  • Commerce trust — Checkout flows follow Stripe-hosted patterns so card data stays where paying clients already expect it, with clear ownership between your studio, your clients, and the platform.

Next up: Capability Deep Dives

Map this architectural footprint directly to the workspace. Explore our specialized pillars—Websites & Publishing, Portfolio, Media, Commerce, Delivery, and Team—to see how each infrastructure layer translates into the native product UI.

All capabilitiesDocumentation
Platform foundation — PixLibre