[Legal · security]
Security
How we protect your footage and your account. Encryption everywhere, least-privilege access, and an open door for researchers.
// plain-language summary at the top of each section · we don't hide the important parts
Our approach
Your footage is often unreleased and valuable, so we treat security as a product feature, not an afterthought. We build with least-privilege access, encrypt everything, and design so that a single failure never exposes your work.
Encryption
- In transit: all traffic is protected with TLS 1.2+.
- At rest: media, projects, and backups are encrypted with AES-256.
- Secrets and keys are managed in a dedicated key-management service, rotated regularly.
Infrastructure
The Service runs on hardened cloud infrastructure with network isolation, automated patching, and continuous monitoring. Production access is limited, logged, and requires strong authentication.
Access controls & SSO
- Role-based access controls scope what each team member can see and do.
- Studio plans support SAML single sign-on, enforced roles, and an audit log.
- Internal access to customer content is restricted, justified, and logged.
Data isolation
Customer content is logically isolated per account. Voice models and brand kits are never shared or reused across customers. AI processing runs against your data only to serve your requests.
Desktop app integrity
The desktop app ships as a signed and notarized build, and updates itself with signed releases — so the app you run is always the app we shipped. For sensitive footage, on-device rendering keeps media on your machine.
Responsible disclosure
We welcome reports from security researchers. If you find a vulnerability, tell us before disclosing it publicly and give us reasonable time to fix it.
- Email security@reelm.tech with details and steps to reproduce.
- Don't access or modify other users' data, and avoid privacy violations or service disruption.
- We'll acknowledge your report, keep you updated, and credit you if you'd like.
Compliance
We align our practices with recognized standards and are pursuing SOC 2 Type II. We support GDPR and CCPA data rights — see our Privacy Policy for how to exercise them.
Incident response
We maintain an incident-response plan with defined roles and communication paths. If an incident affects your data, we'll notify affected customers promptly with what happened and what we're doing about it.
Contact
Security questions or reports go to security@reelm.tech. For everything else, use our contact page.
Questions about this policy?
We're happy to explain anything in plain language.