Encryption and Resource Access
- Single sign-on solution for Enterprise plans
- End-to-end 256 bit HTTPS SSL encryption
- All non-essential ports and external network interfaces blocked by default
- No financial data or credit information is stored in any Frame.io system
- All account passwords are stored as one-way hashes
- All client-side communication, sessions, and input are validated server-side
- All media assets are securely accessed on Amazon S3 using signed URLs
- All media assets are encrypted at rest on Amazon S3
- All account data is encrypted and securely stored in the database
- In the event of server failure, all critical systems have redundant failovers to prevent service disruptions
Source Code
- We perform static code analysis of all production code
- We perform a third-party security assessment
- We have Integration and Unit tests for all critical systems
- All sub-dependencies have been vetted for security and performance issues
- All sub-dependencies are directly bundled into the Frame.io application
- We follow strict compliance with source code licensing and open-source licensing
Key Management
Frame.io maintains a strict policy for assigning and distributing keys that may access any production or development systems.
- Master access keys are never distributed to any employees
- Access keys are never stored in any version control system
- Access keys are never stored anywhere as plaintext
- Individual access keys are generated per employee with developer-only access
Secure Workstations
- All company workstations and laptops use encryption for storing any potentially sensitive data
- All company workstations and laptops use anti-malware and antivirus software
- All client data is always anonymized for development purposes
Employee Awareness
- All Frame.io employees have been instructed on best practice security standards
- Frame.io employees are granted granular role access to resources
- Any employee access to sensitive data is tracked and monitored
- Developers only work with anonymized data
Data Loss / Security Breach
In the event of a loss of data or potential security breach, you will be contacted immediately and be kept updated in real-time as Frame.io assesses the situation. Frame.io will quickly take any measures necessary to secure and recover your data. A full incident report will be made available by Frame.io should any incidents occur.