Ooona's Online Toolkit is hosted on Amazon Web Services (AWS) and our entire environment was secured and verified by IT security professionals.
Having our servers go through security adjustments and penetration tests makes it safer than your personal computer (unless you're a cyber expert who's taking extra measures protecting your home network and personal computer).
You can also turn on two-factor authentication via email account, SMS or Google Authenticator (if setup) on every login.
First of all - we never demand that you upload any video content.
You can keep all your content on your own computer. If you want to see the shot-changes and waveform in the timeline, Ooona's Agent can generate them locally from the video.
We will never upload your video anywhere when you play it from your local hard-drive (with the Agent or without). The video is played directly from your computer.
Unlike your local video content, your subtitles projects are uploaded to our servers.
The only one who can see your projects is you (or a system administrator that can help you troubleshoot problems with your permission).
No other user will see your projects and the only one with access to them is you.
For enterprise customers we take extra measures to make sure their content is kept private even from their own employees.
An enterprise customer will receive a dedicated isolated Toolkit environment - it will only contain users and projects from the customer's company and no-one else will be able to access it.
The customer will have the ability to turn on two factor authentication for all users to make sure they can't individually turn it off and make their account less secure.
When a user plays a video, his email and IP address show up on the video player (changing size and position) which makes it easy for the video owner to know where a screenshot came from and who took it.
Ooona provides a complete DRM solution for enterprise customers.
This will allow you to upload your video to the cloud after encrypting it and the only way to play that video will be from inside the customer's dedicated Toolkit instance (it won't play if someone gets the encrypted files and won't even play on other customer's Toolkit instances).
In this case, it's safer to stream a DRM encrypted video than to supply an employee with a video file as the only way to watch the encrypted stream is from inside the isolated Toolkit instance.
Although we know a thing or two ourselves, we approached external consultants who really specialize in security.
We're ISO 27001:2013 compliant.
We've passed several penetration tests from a dedicated security company:
Our cloud infrastructure was defined by cloud specialists to keep it secure :
Every communication between your computer and our servers is encrypted with SSL: