Data Security
Single Sign-On (SSO) via Okta, Google SSO, Azure AD.
Two-Factor Authentication (2FA), compatible with any Time-Based One-Time Password (TOTP) app like Google Authenticator.
Custom Password Policy - enforce minimum length, complexity or special characters when creating passwords across all SetKeeper products.
Enforce mandatory watermarks on all PDF files sent and/or viewed from the SetKeeper Distribution module.
Enforce secure send options: Personal Link, Password Protected Link, and PDF-Download Prevention.
Burned-in watermark.
Forensic Barcode & Unique Tracking Code.
.avif)
The General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) are putting stricter guidelines on productions on the collection and processing of personal information. SetKeeper has been designed to fully meet GDPR and CCPA data privacy regulatory requirements. Learn more about our Privacy Policy and how we protect your data here
It is necessary for all Production companies and Studios to have data protection tools in place to ensure compliance with the GDPR and CCPA provisions. We have designed this Practical Guide to help both your productions and SetKeeper meet the GDPR requirements together. Download this FREE Practical Guide here.
All SetKeeper employees have been given Data Privacy training using IAPP Privacy Core® resources. Training sessions are conducted upon hire for all new employees and annually thereafter.
All our current sub-processors are reviewed on an annual basis to ensure they meet security and privacy requirements. View list of authorized sub-processors
See below for answers to the most common questions we get asked here at SetKeeper.
Production companies, their staff and their agents or service providers have access to the personal data and information you provide to them. Certain SetKeeper employees may also access some of your personal information for strictly administrative purposes and/or to perform the services we provide.
You have the right to access your personal data at any time. This is commonly referred to as “subject access”. You can make a subject access request, for free, in writing to support@setkeeper.com.
Servers that run the SetKeeper application are based in Ireland.
SetKeeper shares data with a list of selected sub-processors for the purposes of running the service. All our sub-processors are reviewed on an annual basis to ensure they meet security and privacy requirements.
In the absence of a retrieval request, we may keep personal data up to 12 months after the end of the subscription for technical or statistical purposes. You have the right to request a retrieval of your personal data according to the conditions mentioned in our Privacy Policy. Once a request is received, we will delete all personal data associated with their account within five business days. We may keep anonymized data for statistical or technical purposes.
Our website has a section dedicated to GDPR and a Practical Guide to GDPR Compliance.
We offer our users a simple way to request data removal: you can email us at support@setkeeper.com.
All SetKeeper employees receive GDPR training using IAPP Privacy Core® resources. Training sessions are conducted upon hire for all new employees and reviewed annually thereafter.
All our current sub-processors are reviewed on an annual basis to ensure they meet security and privacy requirements required for GDPR.
SetKeeper has been designed to fully meet regulatory requirements. We undergo routine information security audits by studios and independent experts (such as the Digital Production Partnership) to ensure your data is always protected. Please read our Security page for more information about User Management, Security, and Data Collection and Processing.
SetKeeper databases are automatically backed up in real time and stored in a secure and remote data center not directly linked with our production servers to ensure redundancy of your data. Our server architecture is redundant, meaning even if one server fails, the system stays active and accessible. We maintain more than 99% uptime, which guarantees you service continuity and quality assurance.
Our system is designed to re-deploy automatically and identically in case of failure. Our database is designed to automatically restore from our real-time backup at any time using a secured channel.
We report any incident that happens on our platform by informing all impacted users via email or in-app chat if available. Our support team is trained to resolve any incident and is available 7/7 by email and phone.
SetKeeper offers Single Sign On implementation compatible with Google Suite, Outlook and Microsoft Azure AD.
The SetKeeper system is protected through a strong firewall to filter connections to our servers. SetKeeper also offers an advanced security option, which allows each file uploaded to and downloaded from SetKeeper to be scanned by an antivirus.
Server to client communications are encrypted with TLS (HTTPS). The system is designed to prevent any plain communication through the Internet.
SetKeeper only stores and processes data in Tier 3 data centers, with biometric access control, onsite energy production systems and all IT equipment being dual-powered and provided with two redundancies. SetKeeper runs on top of the same cloud providers as Comcast, Netflix, Lionsgate, NASA, Dow Jones, etc.
Our servers are hosted on AWS. Here are AWS IT standards we comply, broken out by Certifications and Attestations; Laws, Regulations and Privacy; and Alignments and Frameworks. Compliance certifications and attestations are assessed by a third-party, independent auditor and result in a certification, audit report, or attestation of compliance. AWS enables covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) to use the secure AWS environment to process, maintain, and store protected health information.
