All articles
Creator Stories8 min read

What a Privacy Breach Taught Me About Protecting Creative Work

After a targeted privacy breach reached her unreleased work, ScriptShield’s founder learned that security protects access — but only evidence protects authorship. Part 2 of 4.

Ashe Davis

Founder & CEO, ScriptShield

Ashe Davis is the founder of ScriptShield. She is an optioned Screenwriter, Author, and SaaS Developer, who wanted to help creators prove authorship and protect their intellectual property in the digital age.

A creator securing her devices and records after a privacy breach

This is Part 2 of “A Creator’s Story.” Part 1: The Artist Who Was Never Paid for Her Art.

The contact came out of the blue, the way these things apparently do. I had added “SaaS developer” to a professional bio — a small, proud update — and some time later I found myself in the middle of the most frightening stretch of my creative life: a long, slow privacy breach that reached my accounts, my documents, and the early, unregistered versions of apps I had spent years imagining.

I’m going to tell this part gently and without the forensic details, because the details are not the lesson. If you have been through anything like it, you already know: the exhaustion of not knowing how they’re getting in, the months of methodically re-securing every account and device, the strange grief of deleting apps and changing numbers, the quiet relief when the noise finally stops. It is a violation that follows you around for a long time.

What I want to share is what it taught me — because the lessons turned out to be the blueprint for everything I built afterwards.

The Short Answer: Security and evidence are two different protections, and creators need both. Security — multi-factor authentication, strong passphrases, careful cloud habits — controls who can reach your work. Evidence — timestamped fingerprints, version chains, share records — proves the work is yours no matter what happens. A breach can defeat the first. It cannot rewrite the second. Start an evidence record free.


Lesson one: your unreleased work is your most vulnerable work

A published book has a public record. A released app has a launch date the whole internet witnessed. But the manuscript in your cloud drive, the pitch deck in your inbox, the prototype on your laptop — those exist in a strange in-between where they are at their most valuable and least defended. Early-stage work has no public footprint to anchor it to you. If it leaks, is copied, or resurfaces somewhere else, the question “who made this first?” has no ready answer.

That was the fear that kept me up at night — not just the intrusion itself, but the realisation that if my early work surfaced under someone else’s name, I had remarkably little to point to.

Lesson two: security protects access. It does not prove authorship.

I did eventually secure everything — new numbers, new accounts, hardened devices, better habits. But standing in the wreckage, I understood something that most security advice never mentions: even perfect security only controls access. It says nothing about authorship. If a copy of your work escaped yesterday, today’s stronger password cannot help you show it was yours.

Authorship needs a different kind of protection: an independent, dated, tamper-evident record that a specific work existed in your hands at a specific time. That is what a cryptographic fingerprint and a trusted timestamp do — and they keep doing it whether or not anything bad ever happens.

“We write to taste life twice, in the moment and in retrospect.”

— Anaïs Nin, The Diary of Anaïs Nin

Nin meant it about memory, but it is also true of evidence. A record made in the moment lets you return to that moment later — with proof instead of recollection.


The practical habits I keep now

None of this requires being a security expert. The Australian Cyber Security Centre publishes plain-language guidance that covers most of it. Here is the version I live by as a creator:

Turn on multi-factor authentication everywhere it exists — especially email and cloud storage, because they are the keys to everything else. Prefer app-based or hardware-key authentication over SMS where you can.
Audit what lives in your cloud. Your cloud account is a single point of failure for your entire creative history. Keep offline, backed-up copies of unreleased work, and be deliberate about which drafts sync automatically.
Review app permissions on your phone. Phones are where our guard is lowest. Remove apps you don’t use; question the ones that want more access than their job requires.
Fingerprint work before it travels. Before a draft goes to a collaborator, a competition, or a cloud folder shared with anyone else, hash it and timestamp it. Then the copy that travels is anchored to a record that stays home. Here’s how the hash receipt works.
If you are being targeted, reach for real support. In Australia, eSafety handles serious online abuse, IDCARE supports identity compromise, and ReportCyber takes cybercrime reports. You do not have to untangle it alone — I tried that, and it was the hardest way.

The turn: from fear to infrastructure

Somewhere in those months, the fear quietly changed shape and became a design brief. I could not un-live the breach. But I could make sure that from that day forward, every version of everything I made had a fingerprint, a date, and a place in a chain of records that nobody — not an intruder, not a copycat, not time itself — could quietly rewrite.

That practice became a system. The system eventually became ScriptShield. Not because a record can stop a bad actor — it can’t, and I won’t pretend otherwise — but because a record means a bad actor no longer controls your story.

A breach can defeat your security. It cannot rewrite your evidence.

Resources

Australian Cyber Security Centre — practical personal security guidance. eSafety Commissioner — support for serious online abuse. IDCARE — identity and cyber support service for Australia and New Zealand. Copyright monitoring for independent creators — what watching the internet for copies realistically involves.

Anchor Your Unreleased Work

Fingerprint a draft before it travels. Your first hash receipt is free, private, and takes two minutes — the work itself never leaves your hands.

Get Your Free Hash Receipt

Next in this series: Part 3 — Why Protecting Your Work Shouldn’t Cost $450 an Hour.

Ashe Davis

Ashe is the founder of ScriptShield. After a targeted privacy breach reached her unreleased work, she built the evidence infrastructure she wishes had existed that year.

Share this articleXLinkedInFacebook

Protect Your Creative Work

Generate SHA-256 authorship certificates and track who sees your scripts, manuscripts, and creative works.

Get Started

ScriptShield provides evidence documentation tools for creators. It is not a law firm and does not provide legal advice.

Leo

ScriptShield Support

Hi! I'm Leo, ScriptShield's support assistant. I can help with questions about protecting your creative work, our pricing tiers, how certification works, or anything else. What can I help with?