Security and Privacy
Data protection and security measures for the Clevercast platform
The GDPR (General Data Protection Regulation) is intended to improve the protection and transparency of personal data for all individuals within the European Union. We are fully committed to complying with the GDPR regulation in all its aspects, and are continuously taking all necessary steps to protect the personal data processed by Clevercast. In addition, we also ensure that our platform is optimally secured and permanently available.
Secure and redundant platform
Our data is stored on our own servers located in private racks in multiple ISO 27001-compliant data centers at different geographical locations within the EU. All hardware and software is monitored 24/7, with automated alerts for possible threats or malfunctions. We use encryption technology to secure the transmission of data. We use encryption and other security measures to protect information stored on our systems.
The privacy and security of our clients and their users are of the utmost importance to us. Data is never shared, nor is it accessible to third parties.
Our cloud application is set up in such a way that it is permanently available. It is fully redundant, with multiple instances located in different geographic locations. In addition to our own CDN, live stream delivery is done through the global Akamai CDN. The uptime of our platform and CDNs are permanently monitored by Pingdom.
Ensuring GDPR compliance
In its role of data processor, Clevercast ensures that:
- your data is maximally secured
- every employee is perfectly aware of everything that GDPR entails
- if third parties are hired for custom projects, they work in accordance with the GDPR
- should there ever be a security breach, it will be reported to you asap
- we keep a data register – containing personal data categories and purposes – based on your information
- we can give you secure access to your data if requested, or provide a copy when you choose a different data processor
- all data is deleted when your plan ends
Our data processing agreement is an integral part of the terms of every plan and contract.
Protecting AI-Generated Data: Security & Privacy
Types of Language Models
For customers with an AI multilingual plan, Artificial Intelligence (AI) will be used to automatically generate closed captions and audio translations (synthetic languages). Clevercast utilizes various language models, specifically Speech-to-text models, Machine Translation models, and Text-to-speech models.
It is important to note that no Conversational AI Models are used to generate closed captions and audio translations (synthetic languages) for live streams or Video on-Demand. However, Clevercast offers an optional feature that allows you to automatically generate terms for a Vocabulary (used to enhance speech recognition and machine translation) with the assistance of a Conversational AI Model.
Security and Privacy
When selecting and entering into licensing agreements with the providers of AI language models, data security and privacy are our top priorities. The video streams and any data generated by AI, such as closed captions and/or audio translations, are only accessible to you and your viewers. The AI-generated data is not permanently stored and is never used for training Conversational AI models. The use of Clevercast can in no way result in your content becoming accessible through AI data leakage.
All data transmitted to and from Clevercast, including AI-processed data, is encrypted using industry-leading encryption protocols. This ensures that even in the unlikely event of an interception, the data remains protected and unreadable.
In terms of privacy, the GDPR (see below) applies to the agreement between the AI model providers (acting as data processors) and Clevercast (acting on behalf of our customers, who are the actual data controllers). All data retained by Clevercast, including vocabularies and closed captions, is secured according to industry standards and can be deleted by you at any time. If your account is terminated, all of your data will be permanently deleted in accordance with GDPR regulations.
AI Processing LIMITATIONS
Regarding the language models used by Clevercast, the following applies:
- Speech-to-text models: All data is processed in a secure and private manner. Transcripts may be utilized, in a strictly temporary and internal manner, by the provider of the speech-to-text model to improve its software for automatic speech recognition. Under no circumstances may this data be used for training Conversational AI models or in any other way that could result in AI data leakage.
- Machine translation and Text-to-speech models: All data is processed in a secure and private manner. The data transmitted is used solely for the purpose of providing the services (i.e., translation and text-to-speech). No data is permanently stored or used to train Conversational AI models or any other language models.
- Conversational AI models (optional, to generate Vocabulary terms): All data is processed in a secure and private manner. The data transmitted is used solely for the purpose of providing the services. No data is permanently stored or used to train Conversational AI models or any other language models.
Clevercast Enterprise and privacy
Our Enterprise platform is only accessible via HTTPS (SSL encryption). Only name, email and password of administrators are stored. This data is only used for secure access to the web application and to determine a user’s permissions. An administrator can change this data and password at any time.
Clevercast player uses no tracking technology. Some settings are stored in local session storage in the browser, such as the audio level and language preferences of the player, but they are not linked to a user ID or other user information. The embedded player uses an encrypted connection to send the data necessary to generate statistics to Clevercast. Clevercast ensures that statistics cannot be traced back to individuals.
When an account is deleted, all personal data is also permanently deleted. This also applies to statistics and uploaded videos and recordings.
Clevercast Webinar and privacy
With respect to the personal data of administrators and the behaviour of our player, the privacy guarantees for our Webinar platform are the same as those of the Enterprise platform.
For webinars without registration, no data of participants is stored by Clevercast, with the exception of questions or chat messages (if enabled).
For webinars with registration, you determine whether which personal data of participants is requested and stored, as well the ways in which participants can interact. It is your responsibility to inform participants and seek their consent where necessary. Our webinar platform provides the necessary options to do so.
Any interaction of participants with Clevercast is SSL encrypted. Any personal or statistical data is only accessible to your administrators. They can delete the data of some or all participants at any time. When a webinar is deleted, all user data is also permanently deleted.
Impact of the GDPR
If you let Clevercast collect or process personal data from end users in the European Union, you are – as a data collector – responsible for doing so in accordance with the GDPR. This also applies if your company is located outside of the EU.
As a Clevercast customer you agree to be bound by our Data Processing Agreement, an addendum that is an integral part of our general terms and conditions. By doing so, you agree to keep us informed of all categories of personal data that you transfer to Clevercast for processing, and the purposes of processing. This way, we can keep a data register and inform you in the (unlikely) case of a security breach.
If you have any questions, please contact us.