Rigorous security and privacy to protect your most sensitive data

SetKeeper has been vetted by studios including Walt Disney Pictures, HBO Studios, and more.

Protect your data from day one with advanced security features:


  • Single Sign-On (SSO) via Okta, Google SSO, Azure AD.
  • Two-Factor Authentication (2FA), compatible with any Time-Based One-Time Password (TOTP) app like Google Authenticator.
  • Custom Password Policy - enforce minimum length, complexity or special characters when creating passwords across all SetKeeper products.

Distribution Policy

  • Enforce mandatory watermarks on all PDF files sent and/or viewed from the SetKeeper Distribution module.
  • Enforce secure send options: Personal Link, Password Protected Link, and PDF-Download Prevention.

Advanced Watermark Security

  • Burned-in watermark.
  • Forensic Barcode & Unique Tracking Code.

SetKeeper offers features to help customers comply with regulatory and studios requirements. SetKeeper is officially vetted by studios InfoSec teams worldwide and fully supports the General Data Protection Regulation (GDPR) for all users.

SetKeeper helps you comply with data privacy requirements

The General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) are putting stricter guidelines on productions on the collection and processing of personal information. SetKeeper has been designed to fully meet GDPR and CCPA data privacy regulatory requirements. Learn more about our Privacy Policy and how we protect your data here

SetKeeper Practical Guide to Data Privacy Compliance for Production Companies and Studios

It is necessary for all Production companies and Studios to have data protection tools in place to ensure compliance with the GDPR and CCPA provisions. We have designed this Practical Guide to help both your productions and SetKeeper meet the GDPR requirements together. Download this FREE Practical Guide here.

Training and Privacy awareness

All SetKeeper employees have been given Data Privacy training using IAPP Privacy Core® resources. Training sessions are conducted upon hire for all new employees and annually thereafter.

Vendor Reviews

All our current sub-processors are reviewed on an annual basis to ensure they meet security and privacy requirements.. View list of authorized sub-processors

Data Privacy FAQs

Who can access my personal data?

Production companies, their staff and their agents or service providers have access to the personal data and information you provide to them. Certain SetKeeper employees may also access some of your personal information for strictly administrative purposes and/or to perform the services we provide.

You have the right to access your personal data at any time. This is commonly referred to as “subject access”. You can make a subject access request, for free, in writing to support@setkeeper.com.

Where is my personal data stored?

Servers that run the SetKeeper application are based in Ireland.

Does Setkeeper share data with third-party entities?

SetKeeper shares data with a list of selected sub-processors for the purposes of running the service. All our sub-processors are reviewed on an annual basis to ensure they meet security and privacy requirements.

How long does SetKeeper keep personal data and what happens to my personal data at the end of a project?

In the absence of a retrieval request, we may keep personal data up to 12 months after the end of the subscription for technical or statistical purposes. You have the right to request a retrieval of your personal data according to the conditions mentioned in our Privacy Policy. Once a request is received, we will delete all personal data associated with their account within five business days. We may keep anonymized data for statistical or technical purposes.

Our website has a section dedicated to GDPR and a Practical Guide to GDPR Compliance.

We offer our users a simple way to request data removal: you can email us at support@setkeeper.com.

All SetKeeper employees receive GDPR training using IAPP Privacy Core® resources. Training sessions are conducted upon hire for all new employees and reviewed annually thereafter.

All our current sub-processors are reviewed on an annual basis to ensure they meet security and privacy requirements required for GDPR.

How does SetKeeper secure personal data and sensitive files?

SetKeeper has been designed to fully meet regulatory requirements. We undergo routine information security audits by studios and independent experts (such as the Digital Production Partnership) to ensure your data is always protected. Please read our Security page for more information about User Management, Security, and Data Collection and Processing.

SetKeeper is built to comply with the strongest business continuity requirements

Automatic backups

SetKeeper databases are automatically backed up in real time and stored in a secure and remote data center not directly linked with our production servers to ensure redundancy of your data. Our server architecture is redundant, meaning even if one server fails, the system stays active and accessible. We maintain more than 99% uptime, which guarantees you service continuity and quality assurance.

Disaster recovery

Our system is designed to re-deploy automatically and identically in case of failure. Our database is designed to automatically restore from our real-time backup at any time using a secured channel.

Incident management

We report any incident that happens on our platform by informing all impacted users via email or in-app chat if available. Our support team is trained to resolve any incident and is available 7/7 by email and phone.

SetKeeper protects and secures your data

Single Sign On

SetKeeper offers Single Sign On implementation compatible with Google Suite, Outlook and Microsoft Azure AD.

Firewall and Antivirus

The SetKeeper system is protected through a strong firewall to filter connections to our servers. SetKeeper also offers an advanced security option, which allows each file uploaded to and downloaded from SetKeeper to be scanned by an antivirus.

Encrypted data transfers

Server to client communications are encrypted with TLS (HTTPS). The system is designed to prevent any plain communication through the Internet.

Ultra-secure data centers

SetKeeper only stores and processes data in Tier 3 data centers, with biometric access control, onsite energy production systems and all IT equipment being dual-powered and provided with two redundancies. SetKeeper runs on top of the same cloud providers as Comcast, Netflix, Lionsgate, NASA, Dow Jones, etc.

Compliance Programs

Our servers are hosted on AWS. Here are AWS IT standards we comply, broken out by Certifications and Attestations; Laws, Regulations and Privacy; and Alignments and Frameworks. Compliance certifications and attestations are assessed by a third-party, independent auditor and result in a certification, audit report, or attestation of compliance. AWS enables covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) to use the secure AWS environment to process, maintain, and store protected health information.

Training & Support included in all our products

Personal on-boarding

Freelancer training

Let's GO!

Email us to start your free trial.