What a Privacy Breach Taught Me About Protecting Creative Work
After a targeted privacy breach reached her unreleased work, ScriptShield’s founder learned that security protects access — but only evidence protects authorship. Part 2 of 4.
Ashe Davis
Founder & CEO, ScriptShield
Ashe Davis is the founder of ScriptShield. She is an optioned Screenwriter, Author, and SaaS Developer, who wanted to help creators prove authorship and protect their intellectual property in the digital age.

This is Part 2 of “A Creator’s Story.” Part 1: The Artist Who Was Never Paid for Her Art.
The contact came out of the blue, the way these things apparently do. I had added “SaaS developer” to a professional bio — a small, proud update — and some time later I found myself in the middle of the most frightening stretch of my creative life: a long, slow privacy breach that reached my accounts, my documents, and the early, unregistered versions of apps I had spent years imagining.
I’m going to tell this part gently and without the forensic details, because the details are not the lesson. If you have been through anything like it, you already know: the exhaustion of not knowing how they’re getting in, the months of methodically re-securing every account and device, the strange grief of deleting apps and changing numbers, the quiet relief when the noise finally stops. It is a violation that follows you around for a long time.
What I want to share is what it taught me — because the lessons turned out to be the blueprint for everything I built afterwards.
The Short Answer: Security and evidence are two different protections, and creators need both. Security — multi-factor authentication, strong passphrases, careful cloud habits — controls who can reach your work. Evidence — timestamped fingerprints, version chains, share records — proves the work is yours no matter what happens. A breach can defeat the first. It cannot rewrite the second. Start an evidence record free.
Lesson one: your unreleased work is your most vulnerable work
A published book has a public record. A released app has a launch date the whole internet witnessed. But the manuscript in your cloud drive, the pitch deck in your inbox, the prototype on your laptop — those exist in a strange in-between where they are at their most valuable and least defended. Early-stage work has no public footprint to anchor it to you. If it leaks, is copied, or resurfaces somewhere else, the question “who made this first?” has no ready answer.
That was the fear that kept me up at night — not just the intrusion itself, but the realisation that if my early work surfaced under someone else’s name, I had remarkably little to point to.
Lesson two: security protects access. It does not prove authorship.
I did eventually secure everything — new numbers, new accounts, hardened devices, better habits. But standing in the wreckage, I understood something that most security advice never mentions: even perfect security only controls access. It says nothing about authorship. If a copy of your work escaped yesterday, today’s stronger password cannot help you show it was yours.
Authorship needs a different kind of protection: an independent, dated, tamper-evident record that a specific work existed in your hands at a specific time. That is what a cryptographic fingerprint and a trusted timestamp do — and they keep doing it whether or not anything bad ever happens.
“We write to taste life twice, in the moment and in retrospect.”
— Anaïs Nin, The Diary of Anaïs Nin
Nin meant it about memory, but it is also true of evidence. A record made in the moment lets you return to that moment later — with proof instead of recollection.
The practical habits I keep now
None of this requires being a security expert. The Australian Cyber Security Centre publishes plain-language guidance that covers most of it. Here is the version I live by as a creator:
The turn: from fear to infrastructure
Somewhere in those months, the fear quietly changed shape and became a design brief. I could not un-live the breach. But I could make sure that from that day forward, every version of everything I made had a fingerprint, a date, and a place in a chain of records that nobody — not an intruder, not a copycat, not time itself — could quietly rewrite.
That practice became a system. The system eventually became ScriptShield. Not because a record can stop a bad actor — it can’t, and I won’t pretend otherwise — but because a record means a bad actor no longer controls your story.
Resources
Australian Cyber Security Centre — practical personal security guidance. eSafety Commissioner — support for serious online abuse. IDCARE — identity and cyber support service for Australia and New Zealand. Copyright monitoring for independent creators — what watching the internet for copies realistically involves.
Anchor Your Unreleased Work
Fingerprint a draft before it travels. Your first hash receipt is free, private, and takes two minutes — the work itself never leaves your hands.
Get Your Free Hash ReceiptNext in this series: Part 3 — Why Protecting Your Work Shouldn’t Cost $450 an Hour.
Protect Your Creative Work
Generate SHA-256 authorship certificates and track who sees your scripts, manuscripts, and creative works.
Get StartedScriptShield provides evidence documentation tools for creators. It is not a law firm and does not provide legal advice.