Security

Last updated: March 18, 2026

Our Commitment to Security

At deum.video, we take the security of your data seriously. This page outlines our security practices and infrastructure.

Infrastructure Security

Cloud Provider: Our infrastructure runs on Amazon Web Services (AWS), a SOC 2 and ISO 27001 certified platform with industry-leading security standards.

Data Center Location: All data is stored in the AWS EU (London) region, ensuring compliance with UK and EU data protection regulations.

Encryption:

  • In Transit: All data transmission uses TLS 1.3 encryption
  • At Rest: All stored data (videos, database) is encrypted using AES-256

Video Processing Security

Temporary Storage: Videos are stored temporarily in private S3 buckets with strict access controls. Uploaded videos are automatically deleted after processing completes.

Processing Environment: Video processing occurs in isolated AWS Lambda containers that are destroyed after each job.

Access Control: Only authorized system processes can access your videos. Human access is prohibited except for debugging with explicit user permission.

Automatic Deletion: Processed videos are automatically deleted 24 hours after download availability. No long-term storage of your content.

Authentication & Access

User Authentication: We use Clerk, a SOC 2 compliant authentication provider, to manage user accounts securely.

Password Security: Passwords are hashed using industry-standard algorithms. We never store plain-text passwords.

Session Security: User sessions use secure, httpOnly cookies, which keep session tokens out of reach of page scripts and so protect them from theft via XSS attacks.

Payment Security

Payment Processing: All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor.

No Card Storage: We never store credit card information on our servers. All payment data is managed securely by Stripe.

Application Security

Code Security:

  • Regular dependency updates to patch security vulnerabilities
  • Input validation and sanitization to prevent injection attacks
  • Rate limiting to prevent abuse and DDoS attacks
  • HTTPS-only connections (no unencrypted HTTP)

Monitoring & Incident Response

System Monitoring: We continuously monitor our systems for security threats, performance issues, and anomalies.

Logging: System logs are retained for security auditing and troubleshooting. Logs do not contain sensitive user data.

Incident Response: In the event of a security breach affecting user data, we will notify affected users within 72 hours as required by GDPR.

Third-Party Services

We use the following security-vetted third-party services:

  • AWS (Amazon Web Services): Infrastructure and storage
  • Vercel: Application hosting and CDN
  • Clerk: User authentication (SOC 2 compliant)
  • Stripe: Payment processing (PCI DSS Level 1)
  • Deepgram: Audio transcription (GDPR compliant, no data retention)
  • Supabase: Database (ISO 27001 certified)

Compliance

GDPR Compliance: We comply with the EU General Data Protection Regulation for all users.

Data Protection: We follow data minimization principles: we collect only the data necessary to provide our service.

Right to Deletion: Users can request complete deletion of their account and data at any time.

Responsible Disclosure

If you discover a security vulnerability, we ask that you disclose it responsibly:

  • Email us at security@deum.video
  • Provide details of the vulnerability
  • Allow us reasonable time to address the issue before public disclosure

We appreciate security researchers who help keep our users safe.

Best Practices for Users

To keep your account secure:

  • Use a strong, unique password
  • Enable two-factor authentication if available
  • Never share your account credentials
  • Log out from shared devices
  • Report suspicious activity to security@deum.video

Questions?

If you have questions about our security practices, contact us at:

Email: security@deum.video

General Support: support@deum.video
