// LEGAL

Security at ClipForge

Last updated: February 13, 2026

A precise list of how ClipForge protects your account, your content, and your payments. Written for security and procurement teams — but readable by everyone.

01. Encryption

All ClipForge traffic is encrypted in transit, and all sensitive data is encrypted at rest.

  • TLS 1.3 on every connection between your browser and our servers — older protocols are rejected.
  • HSTS enabled site-wide so browsers refuse to downgrade to HTTP.
  • All database storage encrypted at rest with AES-256.
  • Backups encrypted with separate keys and stored in a different region from production.

02. Authentication and sessions

  • Passwords are hashed with bcrypt at cost factor 12 — we never store, log, or transmit plaintext passwords.
  • Sessions live in httpOnly, Secure, SameSite=Lax cookies. JavaScript in your browser cannot read them, which kills the most common path for credential theft via XSS.
  • Brute-force protection: failed login attempts are rate-limited per IP and per account. Repeated failures trigger a temporary lockout.
  • Password reset tokens are single-use, expire in 1 hour, and are tied to the email address that requested them.
  • Email verification required before paid plan checkout.
// PLAIN ENGLISH

We do not yet offer two-factor authentication. This is on our roadmap; if it's a blocker for your team, reach out at security@useclipforge.com.

03. Infrastructure

  • Hosted on Emergent's cloud — running on Kubernetes with isolated containers per service.
  • Databases in a private VPC with no public network access.
  • Production credentials managed through environment variables and a secrets manager — never committed to source control.
  • Secrets rotated quarterly. Compromised secrets are revoked within 1 hour of detection.
  • Application logs scrubbed of PII before being written.

04. Application-level protections

  • Rate limiting on every authentication endpoint, every content generation endpoint, and every public-share endpoint to prevent abuse.
  • All user input HTML-escaped before rendering, all database queries parameterized, all uploaded files validated by type and size.
  • CSRF tokens required for state-changing requests outside the SPA.
  • Strict CORS allow-list — only our frontend domains can call the API.
  • Atomic database operations on credit reservation so concurrent requests can't double-spend a user's credits.
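To make the credit-reservation point concrete, here is an added example (not ClipForge's code; the table, user id and balances are constructed) contrasting a read-then-write reservation, where two requests that both read the balance before either writes are both granted, with a single conditional UPDATE that checks and decrements in one statement:

```python
import sqlite3


def new_db(balance: int) -> sqlite3.Connection:
    """Constructed in-memory credits table with one user (not ClipForge's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE credits (user_id TEXT PRIMARY KEY, balance INTEGER NOT NULL)")
    conn.execute("INSERT INTO credits VALUES ('u1', ?)", (balance,))
    conn.commit()
    return conn


def balance_of(conn: sqlite3.Connection, user_id: str) -> int:
    return conn.execute("SELECT balance FROM credits WHERE user_id = ?", (user_id,)).fetchone()[0]


def reserve_naive_interleaved(conn: sqlite3.Connection, user_id: str, cost: int, n: int = 2) -> int:
    """Read-then-write reservation with n concurrent requests whose SELECTs all
    finish before any UPDATE runs. Every request checks a stale balance, so all
    of them are granted: the double-spend. Returns how many were granted."""
    seen = [balance_of(conn, user_id) for _ in range(n)]
    granted = 0
    for bal in seen:
        if bal >= cost:
            # Writes back a value computed from the stale read; last write wins.
            conn.execute("UPDATE credits SET balance = ? WHERE user_id = ?", (bal - cost, user_id))
            granted += 1
    conn.commit()
    return granted


def reserve_atomic(conn: sqlite3.Connection, user_id: str, cost: int) -> bool:
    """Check and decrement in one conditional UPDATE. The database evaluates
    `balance >= cost` against the current row under its own locking, so two
    concurrent calls cannot both succeed on a balance that covers only one."""
    cur = conn.execute(
        "UPDATE credits SET balance = balance - ? WHERE user_id = ? AND balance >= ?",
        (cost, user_id, cost),
    )
    conn.commit()
    return cur.rowcount == 1  # 0 rows touched means the balance was insufficient
```

With 10 credits and two requests costing 8 each, the naive path grants both and leaves a balance of 2 (16 credits consumed, 8 deducted); the atomic path grants exactly one.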

05. Your content is yours

When you upload a podcast, paste a transcript, or train a brand voice, here is exactly what happens to that data.

  • Anthropic processes your text to generate clips and does not retain it or train models on it (API mode policy).
  • OpenAI processes uploaded audio for transcription only and does not retain it or train models on it (API mode policy).
  • We do not sell, share, or repurpose your content for any other ClipForge user — your brand voice profile is private to your account.
  • We do not have employees reading individual user content. Engineers see aggregated metrics; no one is browsing your projects.
// PLAIN ENGLISH

If you delete a forge or your account, your content is permanently removed within 30 days from primary storage and within 90 days from encrypted backups.

06. Third-party security posture

ClipForge's security is only as strong as the vendors it depends on. We pick processors with documented security practices and audit them annually.

  • Stripe — PCI DSS Level 1 certified. We never see card numbers; Stripe handles all card data directly via their hosted Checkout.
  • Anthropic (Claude) — SOC 2 Type II certified. ISO 27001. Zero-retention API mode for ClipForge inputs.
  • OpenAI (Whisper) — SOC 2 Type II certified. Zero-retention API mode.
  • Resend (email delivery) — SOC 2 Type II. We send only email addresses + transactional content.
  • PostHog (analytics) — SOC 2 Type II. We send only behavior events with IP truncation enabled.
  • Emergent (hosting) — runs on hardened Kubernetes; supports private VPCs.

07. Payment security

All payments are handled by Stripe — one of the most security-audited companies in the world.

  • Card data never touches ClipForge servers. Stripe Checkout collects it directly and returns a one-way token.
  • Subscription state is synced from Stripe to our database via signed webhooks — we verify Stripe's signature on every webhook event.
  • Refunds and cancellations flow back through Stripe's Customer Portal, which uses re-authentication for sensitive changes.
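Signed-webhook verification of the kind described above, as an added example (not ClipForge's or Stripe's code): Stripe's Stripe-Signature header carries a timestamp `t` and one or more `v1` HMAC-SHA256 signatures computed over `t.<raw body>` with the endpoint secret, and an event is accepted only if a signature matches and the timestamp falls inside the replay window. The secret, payload and clock value below are constructed; `sign_payload` exists only to build a test header.

```python
import hashlib
import hmac

TOLERANCE_SECONDS = 300  # replay window; Stripe's documented default

# Constructed values for the example only.
ENDPOINT_SECRET = "whsec_constructed_example_secret"
PAYLOAD = b'{"id":"evt_constructed","type":"customer.subscription.updated"}'
NOW = 1_700_000_000


def sign_payload(secret: str, payload: bytes, timestamp: int) -> str:
    """Build a Stripe-Signature header value the way the sender does."""
    signed = f"{timestamp}.".encode() + payload
    v1 = hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()
    return f"t={timestamp},v1={v1}"


def parse_header(header: str):
    """Return (timestamp, [v1 signatures]); several v1 values appear during secret rotation."""
    timestamp, sigs = None, []
    for part in header.split(","):
        key, _, value = part.partition("=")
        if key == "t":
            timestamp = int(value)
        elif key == "v1":
            sigs.append(value)
    if timestamp is None or not sigs:
        raise ValueError("malformed Stripe-Signature header")
    return timestamp, sigs


def verify(secret: str, payload: bytes, header: str, now: int) -> bool:
    """Accept the event only if it is fresh and one v1 signature matches.
    `payload` must be the raw request body bytes, never re-serialised JSON."""
    timestamp, sigs = parse_header(header)
    if abs(now - timestamp) > TOLERANCE_SECONDS:
        return False  # stale or replayed event
    expected = hmac.new(secret.encode(), f"{timestamp}.".encode() + payload, hashlib.sha256).hexdigest()
    # Constant-time comparison so timing differences do not leak the expected value.
    return any(hmac.compare_digest(expected, sig) for sig in sigs)
```

Subscription state should only be written to the database after `verify` returns True; a tampered body, a wrong secret, or a timestamp older than the window all fail.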

08. Vulnerability disclosure

If you find a security issue in ClipForge, please tell us. We treat security reports as the highest-priority engineering work.

How to report

  • Email security@useclipforge.com with a description, reproduction steps, and (if you have them) suggested mitigations.
  • If you need to encrypt sensitive details, our PGP key is available on request.
  • We acknowledge reports within 24 hours and ship critical fixes within 7 days.

What you can expect

  • We will not take legal action against good-faith researchers.
  • We credit reporters publicly (on this page) if they wish.
  • We do not yet have a paid bug bounty. Critical reports may receive a thank-you reward at our discretion — typically a year of Business plan credits.

Scope

Anything on useclipforge.com or the *.useclipforge.com subdomains is in scope. Third-party infrastructure (Stripe, Anthropic, OpenAI) should be reported to those vendors directly.

09. Incident response

If a security incident affects user data, we will notify affected users by email within 72 hours of confirmation — including what was exposed, what we have done about it, and what you should do.

Incident postmortems will be published in our changelog within 14 days of resolution. We disclose root cause, customer impact, and what we changed to prevent recurrence.

10. Compliance

We honor GDPR, UK GDPR, and CCPA rights by default for all users regardless of where you live (see our Privacy Policy for details).

A formal SOC 2 Type I audit is on our 2026 roadmap. If your procurement process requires a Vendor Security Questionnaire or NDA before sharing implementation details, email security@useclipforge.com and we'll respond within 5 business days.

Questions? Email hello@useclipforge.com.