We use cookies (and other similar technologies) to collect data to improve your experience on our site. By using our website, you’re agreeing to the collection of data as described in our Privacy Policy.
Compliance is the baseline

We aim higher

Our security standards extend beyond the technology and processes we use to secure and encrypt your media on Frame.io—they permeate the DNA of our company. From the creation of our product to the training of our employees, we continue to go beyond compliance to achieve best-in-class security among all cloud-based video platforms.

Download security overview
The world's leading organizations use Frame.io
Audits and Compliances
Trusted Partner Network
TPN is a global, industry-wide content protection initiative, created by the MPAA and CDSA, that provides a set of requirements and best practices to prevent leaks, breaches, and hacks of pre-released, high-value media content.
SOC 2 Type 2
The SOC 2 Type 2 audit was performed in accordance with the American Institute of Certified Public Accountants’ (AICPA) AT-C 205, ensuring Frame.io complies with their three key principles: security, availability, and confidentiality.
Privacy Shield
Frame.io is also now self-certified with US–EU Privacy Shield Frameworks. Privacy Shield is an agreement between the EU and US that allows for the transfer of personal data from the EU to the US.

Extended Security for Enterprise

The Frame.io Enterprise plan takes content and login security to a whole new level.

Watermark ID

Deter video leaks with Watermark ID. It overlays a real-time watermark with personal identifying info on each frame. 

Digital Rights Management

Server-side encryption ensures your content is only playable by authorized viewers in the Frame.io web, iPhone, or Apple TV app. 

Two-factor authentication

Add another layer of defense against stolen passwords. Frame.io supports using text message codes or authentication apps. 

Single Sign-on

Authenticate with same name and password you use for your other essential applications for seamless access to Frame.io.

Cloud security

Frame.io is hosted on Amazon Web Services (AWS), which means that we’ve built Frame.io on a foundation of security from the start.

We’ve bolstered our cloud security by implementing all AWS best practices, such as multi-factor authentication (MFA), robust password protection, password and access key rotation, and vulnerability and patch management.

Virtual private cloud, identity and access management, stateful & stateless firewalls, application-level firewalls, and intrusion detection further strengthen the security of Frame.io.

Protecting your media

Visual watermarking prevents leaks of sensitive content. Admins can customize and configure their watermark, which is then automatically burned into any video or image files that users upload.

We utilize Amazon S3 server-side encryption, which uses AES-256 bit key to encrypt uploaded media content at rest.

We keep all uploaded media content private by default—only the asset owner has permission to access these objects. No one can log into your account or access your media unless you invite them to—not even us.

Safeguarding your data

All customer sessions and interactions with the Frame.io platform use SSL/HTTPS. All user data is encrypted using AES-256 bit key encryption—one of the strongest block ciphers available—in our database. Frame.io further protects passwords by hashing them along with salts when stored in the database. 

When users sign up for Frame.io, they consent to having their activities captured in a detailed audit log for admins to view. These audit logs are also available to our customers, providing them  greater visibility into who is doing what on the platform.

Securing our product

In the design phase — Frame.io’s security team reviews all product design and requirement documents to identify any risks early in the development process.

In the development phase — We integrate security tools into the SDLC process that run whenever code is committed to detect any vulnerabilities. 

In the testing/release phase — We perform penetration testing on our product and test extensively to detect potential vulnerabilities prior to deployment.

Personnel security
Frame.io maintains a comprehensive employee on-boarding process, including a device management solution to all laptops, encrypting hard disks, enabling firewalls, and implementing a VPN.
All new hires are subject to a pre-employment background check in order to verify identity, references, and criminal history.
We require all new employees to complete a comprehensive security awareness training, and we conduct annual trainings to maintain continued awareness.

Vulnerability testing

Frame.io subscribes to HackerOne, a group of researchers who work to identify vulnerabilities in our web and iOS apps and other integrations.

We also partner with an Independent Security Evaluator (ISE) to perform network, cloud, and application penetration testing twice a year.

Our continued commitment

Frame.io remains committed to seeking out the newest and best ways to stay ahead of potential threats. It’s our way of promising our customers that we’re always vigilant so that you can feel safe entrusting us with your most valuable content and data. We know that’s what you’ve come to expect from us, and that’s why we hold ourselves to the highest standards.