Data Privacy & Data Security FAQs

SetKeeper - Secure Document Distribution & International Crew Onboarding

Secure Document Distribution & International Crew Onboarding

Digital Crew Onboarding

Secure Document Distribution & International Crew Onboarding

Data Privacy FAQs

Who can access my personal data?

Production companies, their staff and their agents or service providers have access to the personal data and information you provide to them. Certain SetKeeper employees may also access some of your personal information for strictly administrative purposes and/or to perform the services we provide. ​

You have the right to access your personal data at any time. This is commonly referred to as “subject access”. You can make a subject access request, for free, in writing to [email protected].

Where is my personal data stored?

Servers that run the SetKeeper application are based in Ireland.

How does SetKeeper secure personal data and sensitive files?

SetKeeper has been designed to fully meet regulatory requirements. We undergo routine information security audits by studios and independent experts (such as the Digital Production Partnership) to ensure your data is always protected. Please read our Security page for more information about User Management, Security, and Data Collection and Processing.

Does SetKeeper share data with third-party entities?

SetKeeper shares data with a list of selected sub-processors for the purposes of running the service. All our sub-processors are reviewed on an annual basis to ensure they meet security and privacy requirements.

We are committed to protect your personal information.

We take financial compliance, controls and security seriously at Revolution. As part of our ongoing commitment to provide a best-in-class payroll, financial and SaaS services, we leverage renowned independent third parties to help us strengthen our internal controls and security.

About Your Data Security

We’re hosted on Amazon Web Services and Google Cloud Platform

SetKeeper uses Amazon Web Services (AWS) to store and process data. We also use Google Cloud Platform to host our web application and website. To ensure compliance with industry best practices, Amazon and Google's data centers are accredited to conform to these industry standards:

ISO 27001
SOC 1 and SOC 2
PCI Level 1

We keep our systems up-to-date

Our systems are configured to automatically apply security patches as soon as they are available. We use compliance best practices to manage vulnerabilities and track our dependencies for known CVEs. We closely monitor security mailing lists to be aware of the latest threats. To further limit potential risks, we configure our services with tight firewall rules.

We test our system on a recurring basis

We work closely with our customers and third party security companies to perform thorough Penetration Tests on a recurring basis. Our code is scanned for known CVEs in the dependencies we're using. Our infrastructure is scanned for any misconfiguration using AWS Config and scanned every week for known vulnerability with Detectify.

We encrypt your data

SetKeeper encrypts at rest using AES 256. All connections from your browser to SetKeeper enforce TLS encryption. We only store passwords as salted hashes, not plain passwords.

We backup your data

All data, database and documents are backed up in real-time. Our backups are in a different availability zone than live data.

We log all activity

Any connection to our systems is logged. These logs are centralized with Datadog and stored in an encrypted AWS S3 bucket. This bucket is configured to make sure logs cannot be tampered with nor deleted.

We respond promptly to incidents

We monitor external services and open source libraries for security issues. We use automated tools to continuously scan for service interruptions, performance degradation, and security vulnerabilities and alert our engineers as incidents are detected. You can track SetKeeper's status in real time here:

We test our releases

To ensure system availability and provide the best experience, we review and test all updates to SetKeeper. For each change, we perform unit and end-to-end tests on our continuous integration server. Our quality assurance team evaluates and manually tests functions expected to be impacted by a change to ensure they're not negatively impacted by a regression. ​

After we release a change, we continue to monitor and log exceptions and schedule them for resolution. We use several monitoring services to monitor any impact to performance from changes.

We ensure our employees will help keep your data secure

We conduct pre-employment checks on new SetKeeper employees and require that they sign a confidentiality agreement. During onboarding and on a recurring basis (once a year) thereafter, we train employees on company policies, security, privacy, and compliance to ensure they all know how to properly protect your data and react to security threats. We ensure that each device follows our information security standards by encrypting our employees hard drives and installing anti-malware software.

Putting people first

Help Center

Get started with
our technologies

Industry Resources

Forms, glossary, useful links and articles to support your projects.

Live Support

When you need direct assistance from our team.

Have a question or an issue to report? You can reach us at 818-562-7866 and [email protected]​.