SECURITY

Security at KlipFast

We take the security of your data seriously.

Security Overview

Data Encryption
All data encrypted in transit (TLS 1.3) and at rest (AES-256).
Access Controls
Role-based access, MFA required for all staff, principle of least privilege.
Auto-deletion
Uploaded videos deleted immediately after processing. Clips stored per your plan retention policy.
Incident Response
24-hour incident response. Customers notified within 72 hours of any breach.

Compliance Status

StandardStatusNotes
GDPR Compliant
CCPA Compliant
DPA Available Yes
SOC 2 Type II🔄 In ProgressExpected Q4 2026
PCI DSS Handled by Stripe
WCAG 2.1🔄 In Progress

Infrastructure Security

HostingVercel
SOC 2 Type II certified
DatabaseSupabase
SOC 2 Type II certified
File StorageCloudflare R2
ISO 27001 certified
PaymentsStripe
PCI DSS Level 1 certified
AI ProcessingAnthropic
Enterprise security controls

Security Practices

  • Regular dependency updates and vulnerability scanning
  • Automated security testing in CI/CD pipeline
  • Employee security training and background checks
  • Vendor security assessments
  • Data minimization principles
RESPONSIBLE DISCLOSURE
Found a vulnerability?

We appreciate responsible disclosure. All reports are acknowledged within 24 hours and handled seriously.

PGP Key:Available on request
Response:Within 24 hours

We do not take legal action against researchers who report vulnerabilities in good faith.

BUG BOUNTY
Coming soon

We are working on a formal bug bounty program. In the meantime, responsible disclosures are acknowledged and rewarded at our discretion. Reach out to security@klipfast.com to discuss.

SOC 2 Roadmap

View full SOC 2 preparation details →
Q1 2026
Security controls documentation
🔄
Q2 2026
Gap assessment and remediation
Q3 2026
Audit preparation
Q4 2026
SOC 2 Type II audit
Q1 2027
SOC 2 Type II certification expected
Need our security documentation?

For vendor assessments, security questionnaires, or compliance reviews — email us and we'll respond within one business day.

Request Security Docs