Compliance

Vision Cine X Inc. builds its security program around globally recognized standards. We operate under security controls and policies modeled on SOC 2 and ISO 27001 standards. Our systems are designed with these frameworks at their foundation, ensuring enterprise-grade security from day one.

We also comply with major privacy laws, including GDPR in the EU/EEA and CCPA/CPRA in California, to ensure your personal data is handled transparently and responsibly.

AI & Data Handling

AI is designed in Vision Cinex to save time - never to compromise your creative work.

C0 (Confidentiality Zero - Maximum Security Classification)  Scripts and footage fall under our strictest classification level, C0. These assets receive maximum protection with zero-trust access controls. Access to these assets is restricted to the absolute minimum number of personnel required for technical operations, with all access logged and monitored.

Anonymized Processing Scripts are split into small, de-identified fragments before analysis. A full script never leaves your secure workspace.

No Training on Your Data Your creative assets are never used to train external AI models.

Vision's Own Analysis-Only Models For enterprise customers, we offer the option to use Vision's proprietary AI models for script breakdown. These models are:

• Isolated & extra secure - Everything happens inside Vision's infrastructure without reliance on third-party AI services. For maximum security, these models can be deployed and isolated exclusively for that client.

• Restricted by design – they cannot generate scripts or creative content, only analyze what you provide.

• Trained responsibly – built on publicly available scripts.

Future Roadmap We are actively training our own models to replace external services entirely, so that in the future all AI functionality runs internally within Vision no matter the subscription level.

Customer Controls All customers can choose to:

Avoid AI features completely - Vision is fully functional without AI, and AI features are enhancements rather than requirements.

Enterprise Controls Enterprise customers can choose to:

• Run only on Vision's analysis-only models.

• Disable AI features completely - Vision works without AI.

• Require AI processing to remain in specific regions (EU or US).

With these safeguards, AI in Vision Cinex is a secure, optional tool for efficiency - never a risk to your intellectual property.

Data Security

All Vision services are hosted in secure, industry-leading cloud facilities (Digital Ocean, Cloudflare, Atlas MongoDB, and AWS). Data is replicated across multiple availability zones, so your projects remain available even in case of data center failure.

We classify data according to sensitivity:

• C0 (Confidentiality Zero - Maximum Security Classification) – scripts, footage, and other creative source materials.

• Confidential – customer content such as schedules, personal data, or production documents.

• Internal – operational information used within Vision.

• Public – materials we publish, such as marketing content.

All data is encrypted at rest (AES-256) and in transit (TLS 1.2+ with strong cipher suites). We use AWS Key Management Service (KMS) for encryption keys and enforce strict least-privilege access controls.

Production, staging, and development environments are fully separated.

Data Lifecycle Management

Data retention and deletion policies are detailed in our Privacy Policy, including automatic deletion schedules and user-controlled data removal.

Product Security

We follow secure development practices across the platform:

• Dependencies are continuously monitored and updated.

• Static analysis and monitoring tools (like Sentry) help us detect issues early.

Infrastructure & Network Security

Vision Cinex protects data at multiple layers:

Transport Security – All traffic is encrypted with TLS. We enforce HSTS and forward secrecy to prevent downgrade attacks.

Network Segmentation – Production, development, and logging systems are kept separate through Digital Ocean VPCs, security groups, and strict access permissions.

Monitoring – Logs from across our systems are aggregated and analyzed, with automated alerts for anomalies.

Advanced Protection via Cloudflare

• DDoS protection with automatic mitigation

• Bot protection and rate limiting on API endpoints

• SSL/TLS encryption with full strict mode

• Security headers including HSTS, CSP, and X-Frame-Options

• Hotlink protection for media files

Content Protection & Anti-Piracy

Watermarking System We provide comprehensive watermarking capabilities to protect your creative assets:

• Visual watermarking for PDF documents with user-specific identifiers

• Digital watermarking embedded in file metadata

• Dynamic watermarks that include username, timestamp, and session data (Enterprise - coming Q4)

• Server-side rendering for scripts and sensitive documents delivered via secure iframe (coming Q4 2025)

File Access Controls

• Expiring download links with time-limited access

• Session-based viewing with automatic timeouts

• Chunked file delivery instead of complete downloads

• Screenshot detection and protection measures (coming soon)

Future Enhancements By end of 2025, all media and files on Vision will support advanced watermarking with server-side rendering, making unauthorized downloading significantly more difficult while maintaining comprehensive access logs.

Organizational Security

Security is part of how we work:

• All employees complete security training during onboarding, with annual refreshers.

• Engineers receive additional secure development training.

• Background verification for employees handling confidential data.

• Company devices are encrypted, and can be remotely wiped if lost.

• Access to customer data is granted on a strict need-to-know basis and is always logged.

• All staff sign confidentiality agreements.

• Our offices are secured with CCTV and two friendly, but protective office dogs ))

Incident Response

We maintain a formal incident response plan with defined escalation procedures. In case of any security incident affecting your data, we commit to:

• Initial assessment within 2 hours of detection

• Customer notification within 72 hours where required by law

• Transparent communication throughout resolution process

If a data breach ever affects your projects, we will notify you without undue delay and work transparently to address the situation.

Operational Security

We prepare for the unexpected:

• Customer data is redundantly backed up across multiple availability zones.

• Employee devices are protected with full-disk encryption, firewalls, automatic updates, and remote wipe capabilities.

• Regular risk assessments ensure our practices keep pace with evolving threats.

Enterprise Security

Vision Cinex offers additional enterprise-grade controls:

• Single Sign-On (SSO) with providers like Google Workspace, and Okta.

• Role-Based Access Control (RBAC) for precise project and team permissions.

• Custom data residency – Enterprises can choose regional storage for compliance.

• Detailed audit logging through Digital Ocean monitoring and application logs.

• Forensic capabilities limited to available provider logs and system records.

Third-Party Risk Management

All service providers sign Data Processing Agreements (DPAs) with strict confidentiality and security requirements. We regularly review vendor security postures and maintain an approved vendor list.

Current categories and examples of trusted service providers include. Enterprise clients can request the full list at any time. 

• Hosting & Infrastructure (Digital Ocean, Cloudflare)

• Database Services (Atlas MongoDB, Neo4j AuraDB)

• Communications & Key Management (AWS SES, Twilio, AWS KMS)

• Analytics & Monitoring (PostHog, Sentry)

• Payments (Stripe)

• AI Services (with contractual prohibitions on training with your data)

Vulnerability Disclosure

We welcome responsible disclosure. If you discover a potential security issue, please email security@visioncinex.com with details and steps to reproduce. Our team will investigate promptly.