Security & chain of custody

Engineered to be trusted in the rooms that matter most.

When footage is headed for a deposition or a courtroom, security and provenance are the point. Below is the technical architecture that protects your files and keeps the path from original recording to finished, stamped video as short and defensible as possible.

AES-256 encryption at rest Google Cloud infrastructure HIPAA-eligible under BAA Chain-of-custody by design

Security architecture

How your footage is protected, end to end.

Plain-language detail on the controls behind every submission, from upload to delivery.

Transport encryption
Every upload and download travels over TLS 1.2+ (HTTPS). Footage is never transmitted in cleartext.
Encryption at rest
Files are stored with AES-256 encryption on Google Cloud, the same encryption standard relied on across regulated industries and government.
Upload integrity
Large files transfer through resumable, chunked upload sessions, so an interrupted transfer resumes rather than restarting or corrupting.
Storage isolation
Each submission is held in its own isolated, per-case storage partition, segregated from every other client's work.
Timestamp source
The burned-in date and time are derived deterministically from the original file's embedded capture metadata. No value is ever estimated, entered by hand, or guessed.
Processing pipeline
A locked, reproducible processing method produces a uniform, frame-accurate overlay. The same input always yields the same, explainable output.
Delivery
Finished video is returned through an access-controlled link, never posted to a public, indexable location. Password-protected delivery is available as an optional layer.
Underlying infrastructure
Storage and processing run on Google Cloud, whose infrastructure independently maintains SOC 2, ISO/IEC 27001, and FedRAMP authorizations.
Retention & eDiscovery
Backed by Google Vault for retention, hold, and export, supporting an audit-ready record of handling.

Built on a secured foundation

Backed by Google Workspace security.

Your footage is stored and processed inside Google Workspace and Google Cloud, an environment built for organizations with strict security, privacy, and compliance requirements.

HIPAA-eligible

The platform is HIPAA-eligible, and the storage services we use are eligible for coverage under a Business Associate Agreement, the foundation for handling regulated, sensitive footage.

Vault & eDiscovery

Google Vault provides retention, legal hold, and export, helping preserve a defensible, audit-ready record of how a file was handled.

Defense-grade encryption

Encryption in transit and at rest, granular access controls, two-step verification, and continuous platform security monitoring are enforced at the infrastructure level.

Verify it at the source

These protections are documented and independently audited by Google. You can review them directly:

SOC 2 ISO/IEC 27001 FedRAMP HIPAA-eligible AES-256

Certifications held by the underlying Google Cloud infrastructure.

Google Cloud infrastructure

Encryption in transit & at rest  ·  HIPAA on Google Cloud  ·  HIPAA with Google Workspace  ·  Google Vault  ·  Compliance & certifications (SOC 2, ISO/IEC 27001, FedRAMP)

Optional layers for regulated work

Need more? Add a higher tier of protection.

For clients handling protected or highly sensitive material, two optional layers are available, included with the Firm plan and offered on request to any client.

HIPAA-aligned handling

Processing and delivery available under a Business Associate Agreement, with access restricted to verified accounts, supporting clients with PHI and other regulated footage.

Password-protected delivery

Finished files delivered behind a private access code, so only the intended recipient, holding the password, can open the download.

Request upgraded security

Chain of custody

The shortest defensible path we can build.

A clean chain of custody means fewer hands, fewer conversions, and a clear account of what happened to a file. The whole pipeline is designed around that principle.

  • The original file is the anchor. We work from the unaltered file straight off the recording device, and the timestamp is read from that file's own metadata.
  • Minimal, documented handling. Footage moves through one consistent, automated path. Fewer manual steps means cleaner provenance.
  • Closed loop, end to end. Upload, processing, and delivery happen within a single controlled pipeline, not scattered across third-party tools or inboxes.
  • Isolated per submission. Each submission is kept separate from every other client's work.
  • Reproducible result. One locked method, so the same input always yields the same, explainable output.

Always improving

Closing gaps before they matter.

Security is never finished. Our standing commitment is to continually review our encryption, processing, and delivery, adopting stronger protections as they become available and shortening the chain of custody wherever we can, so the service keeps leading rather than catching up.

For legal & evidentiary work

Made for depositions, proceedings, and review.

Attorneys, investigators, claims professionals, and corporate teams use timestamped video where the date and time must be both accurate and defensible. Verifiable source, encryption, and a short chain of custody are built to support exactly that.

Process your first video, free Talk to us about your matter