Security & Trust

01 · How we think about it

Three rules.
Non-negotiable.

Everything we ship with data follows these. If there's ever a conflict, the rule wins.

Your work isn't training data.

Your footage, briefs, brand kit and output never train public models. Not OpenAI's, not Anthropic's, not ours. Fine-tuning happens only on your workspace, locked to your account.

Your data stays in the EU.

Every byte — raw footage, finished cuts, brand kits, metadata — is stored on EU-hosted infrastructure. No US transfers. No surprise replication. GDPR by architecture, not by checkbox.

You can take it with you.

Want to leave? One-click full export — every file, every cut, every asset. And every trace wiped from our systems within 30 days. No lock-in tricks. No "contact your account manager."

02 · What we do with each type of data

Transparent.
Line by line.

The categories of data Vedio touches — where it lives, who sees it, how long it sticks around.

Raw footageYour uploads

Stored encrypted (AES-256) on EU-hosted S3. Accessible only to you, your assigned editor, and QA. Deleted 90 days after project ships unless you request long-term archive.

Encrypted

Brand kitYour identity

Colors, fonts, logo, tone-of-voice profile. Locked to your workspace. Used only to enforce brand consistency on your cuts. Never shared or aggregated.

Workspace-only

Voice / style trainingYour voice

Sampled from your last 30 published posts (with your consent). Trained on a per-workspace fine-tune that never leaves your account. Delete anytime.

Private fine-tune

Finished video outputYour deliverables

Available to download in all formats. You own the copyright outright — no Vedio watermark, no license-back clause. Stored on EU CDN for delivery, purgeable on request.

You own it

Usage analyticsAggregate only

Anonymized metrics on render time, delivery speed, feature usage — used to make Vedio faster. No PII. No content inspection. You can opt out in settings.

Anonymous

SOC 2 Type II

Audit in progress. Expected completion Q3 2026. Interim SOC 2 readiness report available under NDA — info@vedio.dk.

Q3 2026

ISO 27001

On the roadmap for 2027. Using ISO-aligned controls today (access management, change control, incident response).

2027

03 · EU by default

Silkeborg HQ.
EU-only data residency.

We're a Danish company. Our team is in Silkeborg. Our infrastructure is in Frankfurt and Stockholm. No data ever leaves the EU without your explicit approval.

For agencies and brands handling sensitive client work — or anyone tired of US "sub-processor" chains — that means less paperwork, cleaner procurement, and no Schrems-II anxieties.

Primary storage: AWS Frankfurt (eu-central-1)

Backup replication: AWS Stockholm (eu-north-1)

CDN delivery: Cloudflare EU edge only

LLM inference: EU-hosted instances (no US round-trips)

Data Processor registration with Datatilsynet (Danish DPA) — in progress

Silkeborg

04 · What we don't do

Shorter list.
Bigger statement.

Things other video platforms do that we explicitly won't.

No training on your content

Your footage never improves a model anyone else can use. Ever.

No data sold or shared

We don't sell analytics to ad networks. We don't share with partners. Your data is yours.

No US transfers

Data stays on EU infrastructure. No Schrems-II gymnastics, no standard contractual clauses needed.

No hidden sub-processors

Full list public and versioned. You get 30-day notice before any change.

No dark-pattern retention

You leave, your data leaves. 30 days max. Full export + permanent deletion, one click.

No AI face/voice clones of your team

We edit real footage. No synthetic avatars. No fake voices. Never.

Enterprise buyer?
We speak procurement.

DPA, sub-processor list, SOC 2 readiness report, InfoSec questionnaires — all available under NDA within 48 hours.

Security & complianceinfo@vedio.dk

Data protection (DPO)info@vedio.dk

Incident reportinginfo@vedio.dk

Read privacy policy

Your brand is yours.We keep it that way.

Three rules.Non-negotiable.