Frequently Asked Questions about Safety and Data Preservation - Kapwing
Having a Ball with Kapwing: A Straightforward Guide to their Security Practices
Welcome to Kapwing, where we've got your back when it comes to security and your data's safety. We've got a bunch of revved-up best practices to ensure you've got total control and rest easy knowing your data is secure. Here's the lowdown on all things security-related at Kapwing.
Storage Solutions
The servers that store your precious data are based in the SERVER_LOCATION, to be specific, on Google Cloud Platform in the US-East1 and US-West1 regions[1]. Most of the action happens in US-East, with the overflow heading westward when needed.
Data on Hand
We keep the minimum amount of sensitive data possible and give you full control over the data you want to protect and share. Your personal data, such as email address, name, profile picture, team data, workspace settings, shared brand assets, project data, and uploaded assets, are the essentials we gather[1]. No passwords or payment information are saved; all of that jazz is handled by Stripe, a kick-ass third-party processor[1].
Encryption, Baby
Your data is encrypted, y'all! Videos get processed and stored on Google Cloud Platform servers, so we get to enjoy Google's top-notch encryption practices[1]. Your account and workspace information are tucked away safely with MongoDB Atlas, with the majority residing in the U.S (or foreign lands for a select few)[1]. Both services are encrypted at rest and in transit, giving your data a Compton-level lockdown[1].
The only non-encrypted files are the ones created by anonymous users, which remain untouched and unattached to personally identifying info[1].
Who Gets to Play?
Unlisted content can be accessed by anyone with the project ID, enabling you to share your content with the world or let your teammates peek at it, even if they aren't on your team[1]. Pro and Enterprise users can slap a "private" tag on their projects, making them viewable only by the creators and anyone with the right permissions[1].
Just remember: Try sharing unauthorized access, and you'll be back at the homepage, staring at error messages like a lost puppy[1].
Within a team, projects stored in "Team Folders" are accessible to everyone in the team for easy collaboration[1]. If you wanna keep your designs private, just change the default setting for new projects in your Workspace to "Private"[1].
Privacy and Employees
Kapwing agents have the necessary access to help with customer support, investigate bugs, and enhance our user experience[1]. Just rest assured that access is limited to full-time employees with 2-factor authentication[1]. Our Privacy Policy, which you can access here[1], is crystal-clear about who gets to peek at your data.
Myriad of Security Controls
Although we're a small fish, we've got a slew of security best practices up our sleeves to ensure your data's used only for good[1]. Things like security training for newbies, role-based permissions, policies against credential sharing, 2SV enforcement, strict onboarding and offboarding procedures, hardware locks, and auditing systems are just a few of the ways we're keeping your data under wraps[1].
Selling Data? Nah.
Nope, nope, nope! We don't sell our user data[1]. Period.
GDPR and Beyond
Yes, Kapwing is GDPR-compliant, and you can find all the details in our Privacy Policy[1].
Authentication and 2FA
By default, users log in via Google OAuth, Facebook, or via a unique email link[1]. We don't store personal login info, making signing in a cinch and keeping your data super-safe[1].
Two-Factor Authentication (2FA)? Nope, not on the self-serve tiers (Free, Pro, Business). But if you're a Google Workspace customer or an Enterprise, you've got some 2FA options[1]. Want more info about Enterprise support for 2FA, Microsoft Teams sign-in, or SAML/SSO? Just hit us up[1].
Data Subprocessors
When we're hunting for AI features, we aim for vendors with excellent security practices, and work solely with GDPR-certified ones[1]. Check out our full list of data subprocessors for the deets[1].
User Data Training
We don't use your data to train our AI models[1]. Just send an email to privacy@our website if you've got more specific questions[1].
Managing Account Access
Workspace admins can review, add, or remove team members, plus they approve or deny pending requests[1]. To invite a new member, simply enter their email address or share an invitation URL[1]. When a member is booted, their seat gets freed up and can be handed to a fresh recruit[1].
Support for 2FA
Google Workspace customers can get their 2FA on through the "Sign in with Google" integration[1]. Enterprise-level customers, though, can contact sales to learn about custom support for 2FA, Microsoft Teams sign-in, or SAML/SSO[1]. Our Enterprise plan does include SAML login.
Data Retention and Disposal
Our data retention varies, depending on the type of data and your plan[1]. Once data's no longer needed, we dump it using industry-standard practices like data anonymization and secure deletion techniques[1]. Want the gory details about specific types of data and retention periods? Peep our Privacy Policy or hit us up for more info[1].
Getting Answers
In case you've got any questions or requests about your data, throw an email to privacy@our website[1].
Deleted Projects
Delete a project, and it's gone, baby, gone[1]. Forever. Can't be undone, not even by our internal team[1]. If you delete your account, bye-bye, to all your videos and data[1]. It's a heavy-weight action, though, and can't be reversed, even by us[1].
Bug Bounty Program?
Nope, no bug bounty program for now[1]. But our Silicon Valley engineering squad is diligent about tracking and squashing security issues[1].
[1] Data obtained from enrichment data segment
In the realm of data and cloud computing, Kapwing employs technology for secure data storage, utilizing Google Cloud Platform's servers in US-East1 and US-West1 regions, reinforced by MongoDB Atlas encryption practices.
The technology used by Kapwing ensures that sensitive data is minimal and under user control, while no passwords or payment information are saved, opting instead for third-party processor Stripe for these aspects.
