Security Policy

Your security and privacy are our top priorities. Learn how we protect your data.

Data Encryption

All data transmitted between your device and our servers is encrypted using industry-standard TLS 1.3 protocol. Your videos and personal information are encrypted at rest using AES-256 encryption.

  • End-to-end encryption for sensitive data
  • Encrypted database storage
  • Secure key management with rotation
  • HTTPS-only communication

Infrastructure Security

Our infrastructure is hosted on secure, SOC 2 compliant cloud providers with multiple layers of protection:

  • Distributed denial-of-service (DDoS) protection
  • Web application firewall (WAF)
  • Intrusion detection and prevention systems
  • Regular security audits and penetration testing
  • Isolated network environments
  • Automated backup and disaster recovery

Access Controls

We implement strict access controls to ensure only authorized personnel can access systems and data:

  • Multi-factor authentication (MFA) for all team members
  • Role-based access control (RBAC)
  • Principle of least privilege
  • Regular access reviews and audits
  • Secure authentication protocols (OAuth 2.0)
  • Session management and automatic timeouts

Compliance and Certifications

We adhere to industry standards and regulations to ensure your data is handled responsibly:

  • GDPR compliant data processing
  • CCPA compliance for California residents
  • PCI DSS compliance for payment processing (via Stripe)
  • Regular third-party security assessments
  • Data processing agreements available upon request

Security Monitoring

We continuously monitor our systems for security threats and anomalies:

  • 24/7 security monitoring and alerting
  • Automated threat detection
  • Real-time log analysis
  • Incident response procedures
  • Regular vulnerability scanning

Employee Security

Our team is trained in security best practices:

  • Background checks for all employees
  • Regular security awareness training
  • Confidentiality agreements
  • Secure development practices
  • Code review and security testing

Data Retention and Deletion

We retain your data only as long as necessary:

  • Processed videos are stored according to your subscription plan
  • Account data is deleted within 30 days of account closure
  • Backup data is securely erased after retention period
  • You can request data deletion at any time

Reporting Security Vulnerabilities

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly:

  • Email: [email protected]
  • Use our contact form with "Security" inquiry type
  • Provide detailed information about the vulnerability
  • Allow us reasonable time to address the issue before public disclosure

We appreciate responsible disclosure and may offer recognition or rewards for significant findings.

Incident Response

In the event of a security incident:

  • We will investigate and contain the incident immediately
  • Affected users will be notified within 72 hours
  • We will provide clear information about the incident and remediation steps
  • Post-incident analysis will be conducted to prevent recurrence

Your Security Responsibilities

You can help keep your account secure by:

  • Using a strong, unique password
  • Not sharing your account credentials
  • Logging out when using shared devices
  • Keeping your contact information up to date
  • Reporting suspicious activity immediately

Questions About Security

If you have questions about our security practices, please contact us at: