StudioBinder Security

At StudioBinder, we know how valuable your work is to you. That’s why we work hard to respect your privacy and ensure that your data and documents are always safe with us. Here are some of the ways in which we keep your data private and your work secure.

Password Policy

When creating an account on StudioBinder all passwords are required to meet the following criteria:

At least 13 characters long
Contains an uppercase letter
Contains a lowercase letter
Contains a number
Contains a special symbol/punctuation

Passwords that do not meet these criteria will not be allowed to create an account.

At StudioBinder, we’re committed to privacy—that’s why our privacy policies already adhered to the high standard of the European Data Protection Law known as "GDPR," and why we’re ensuring we maintain those rights and extend them to all our users, inside and outside the EU.

Complete control over who can access your pages

All data and files are private by default. Accessing a page requires a person to be messaged or invited by a user on your account. You can control whether they can view, add comments, or edit the page, and revoke their access at any time.

You can also decide to make your shared page viewable by anyone by generating a view only share URL.

Direct access is protected

All pages are available through a generated URL
The URL can not be guessed and all filenames are obfuscated.
You (or any account administrator) can revoke access to a team member, invited collaborator, contact or call sheet recipient at any point.

Where is my data stored?

All StudioBinder data is stored in the US (AWS datacenter). For added security and separation, enterprise customers may have their data stored in a dedicated server, database, file storage on AWS and S3. More on AWS security.

Is my data secure?

All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACL’s) that prevent unauthorized requests getting to our internal network.
We have data encryption in transit and at rest, meaning all our data in the database, underlying storage, backups, replicas and snapshots are encrypted.
Only a handful of people can access data and they only do so in order to improve the services we provide.
We monitor and audit our usage logs.

What Third Party services do you use?

We use a number of third parties to store user data in order to provide/improve our services:

We send transactional emails and monthly newsletters using SendGrid. This newsletter is only sent to customers who signed up and opted to receive the newsletter.
We use Google Analytics and MixPanel and HotJar to track page views and improve the usability of our application, blog and marketing pages.
Our Customer Support team uses Intercom to generate support documentation and live chat with users.
All payments are securely processed by Stripe. We don’t store any payment information or customer data from these transactions.
We use Amazon EC2 (for data hosting), Amazon S3 (file storage), Amazon CloudFront (CDN to host / distribute media in the app and website), and various other AWS solutions.
MongoDB for storing and deploying our database.
Twilio for distributing messages, notifications and call sheets via SMS.
KeyMetrics for server monitoring.

Like many websites, we also use "cookie" technology to collect additional website usage data and to improve the Site and our Service. A cookie is a small data file that we transfer to your computer's hard disk. A session cookie enables certain features of the Site and our service and is deleted from your computer when you disconnect from or leave the Site. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to the Site. Persistent cookies can be removed by following your web browser help file directions. Most Internet browsers automatically accept cookies. Studiobinder may use both session cookies and persistent cookies to better understand how you interact with the Site and our Service, to monitor aggregate usage by our users and web traffic routing on the Site, and to improve the Site and our Service.

We may also automatically record certain information from your device by using various types of cookies. This automatically collected information may include your IP address or other device address or ID, web browser and/or device type, and the dates and times that you visit, access, or use the Service. We also may use these technologies to collect information regarding your interaction with email messages, such as whether you opened, clicked on, or forwarded a message, to the extent permitted under applicable law.

You can instruct your browser, by editing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. Please note that if you delete, or choose not to accept, cookies from the Service, you may not be able to utilize the features of the Service to their fullest potential.

How StudioBinder Collects Data

We primarily collect data when a user sign-up for StudioBinder's services. Where data tracking is enabled we make sure that we do not collect any personally identifiable information.

Compliance

The environment that hosts the StudioBinder services maintains multiple certifications for its data centers, including ISO 27001 compliance, PCI Certification, and SOC reports. For more information about their certification and compliance, please visit the AWS Security website and the AWS Compliance website.

You can find out more about our policies in our Terms of Service and Privacy Statement. If you have any questions about security at StudioBinder, please contact our Customer Support team via the live chat bubble on the bottom-right of the page.