Security
Specific answers about data handling, retention, and marketing-site boundaries.
In short: this marketing site does not process customer media. Public demos are precomputed; live try-it uploads, when enabled, are ephemeral and deleted within one hour.
When the live try-it widget is enabled, the file you upload is held only for the duration of the workflow run and the result preview. It is deleted within one hour. It is not stored long-term, not used for training, and not accessible to other users.
O Studio Web processes your media on managed cloud infrastructure. Outputs are stored in your account workspace under your control. You decide when to delete them. Workspace data is encrypted in transit (TLS) and at rest.
Windows desktop local processing is proof-gated and reviewed case by case. This site does not claim production-ready desktop availability while installed proof and signing remain blocked.
Enterprise pilots can scope private or hybrid processing, custom retention policies, deletion schedules, and audit access. We do not push you onto a shared tenant if your use case requires isolation.
We do not use your media to train models. We do not share your files with third parties. We do not store your content beyond the policy you agree to. Marketing form data is the only data this site collects, and it is routed only to the configured contact inbox.
SOC 2 certification — not yet earned. We will publish the report when audited.
ISO 27001 — not yet earned.
HIPAA — not in scope for current workflows.
Region pinning — available on enterprise pilots; not on general beta.
Enterprise pilots receive a written security pack with our data flow, retention schedule, and operational boundaries. Request it from the team.