    Security & Data Handling Policy (Client-Facing)
    v1.0 | 21 Sep 2025 | Service-neutral
    1) Scope & Definitions

    Scope: All client media, project files, documents, and communications handled during pre-production, production, post-production, and delivery.

    Client Material: Footage, audio, graphics, scripts, metadata, edits, grades, and deliverables.

    Systems: On-prem workstations/storage, approved transfer/review tools, and vetted portable media.
    2) Data Classification
    • Restricted — Embargoed content / sensitive PII.
    • Confidential — Standard commercial projects without PII.
    • Internal — Non-client operational docs.

    Classification is set at kickoff; the highest class applies to derivatives.

    3) Access Control
    • Least privilege access only.
    • Authentication: unique accounts, strong passwords (≥12 chars), 2FA where available.
    • Off-boarding: accounts disabled within 24h of project end.
    • Guest access: named accounts or expiring password-protected links.
    4) Workstations & Storage
    • OS/apps kept current; licensed software only.
    • Full-disk encryption where supported (workstations/portable SSDs).
    • LAN segmented; guest Wi-Fi isolated from production storage.
    • Offline workflows (air-gapped) available upon request.
    5) Encryption & Transfer (Service-Neutral)

    Policy: We avoid naming specific vendors in the policy. Approved transfer/review services are defined per project in the SOW. If a client specifies a platform, we provision a temporary paid account and operate under their requirements.

    Standard Protected Link (Default)

    • TLS 1.2+ in transit; provider encryption at rest.
    • Password, link expiry, download-attempt limits, recipient scoping, notifications.

    Encrypted Archive (High Sensitivity)

    • Deliverables wrapped in AES-256 encrypted archive (ZIP-AES/7z).
    • Encrypt file names when using 7z; for ZIP, file names may be visible.
    • Password shared via a separate channel (e.g., phone/Signal). Optional SHA-256 checksum.

    Other Options

    • SFTP / Managed file transfer (account-based auth, audit logs) upon request.
    • Physical delivery on encrypted SSD/HDD via bonded courier.

    We do not use anonymous public uploaders for client deliverables.

    6) Remote Review (Color-Accurate)
    • Secure (TLS) session; color-managed output matched to grading environment.
    • Time-limited links; watermarking where supported; downloads disabled by default.
    • End-to-end encrypted monitoring can be arranged upon request with approved tools.
    7) Retention & Deletion
    • Working data: 30 days after final approval (default).
    • Delivery masters: 90 days (safety copy), then delete or archive per client instruction.
    • Secure deletion; links auto-expire.
    • Long-term archiving available as a paid option.
    8) Backups & Business Continuity
    • Nightly backups to a separate tier; offline option for Restricted projects.
    • UPS on critical systems; incident plan for disaster events.
    9) Logging & Monitoring
    • Access logs retained ≥90 days.
    • Admin actions logged (permissions, link creation).
    • Anomalies may trigger link revocation and investigation.
    10) Third-Party Services (Service-Neutral)
    • Only vetted vendors with published security controls.
    • Per-project selection: the SOW defines the specific platform(s). If the client mandates one, we provision it for the project.
    • Data hosting regions selected to fit project needs where feasible.
    11) Incident Response
    • Report suspected incidents within 1 hour.
    • Contain, preserve logs, revoke access, switch to offline if needed.
    • Notify affected clients within 24 hours of confirmation; RCA within 5 business days.
    12) Physical Security
    • Controlled access to production rooms; visitor escort & sign-in.
    • Media stored in locked cabinets after hours.
    • No filming or screen capture in color/online rooms without authorization.
    13) Privacy & Compliance
    • We minimize personal data; process PII only under client direction.
    • We sign NDAs and DPAs as required.
    14) Client Responsibilities
    • Provide classification and retention requirements.
    • Share passwords via a separate channel and keep them confidential.
    • Confirm delivery recipients; report exposed credentials promptly.
    15) Change Management & Versioning
    • Reviewed at least annually or after material workflow/tooling changes.
    • Version history tracked; latest revision available on request.
    Appendix A — SOP: Encrypted Archive Delivery (ZIP-AES/7z)
    1. Export approved deliverables to the secure “Exports” folder.
    2. Create archive with AES-256 and encrypt file names (7z) when applicable.
    3. Generate unique passphrase (≥16 chars) and store in the team password manager.
    4. Produce a SHA-256 checksum text file.
    5. Send via approved transfer with password + expiry; share the password out-of-band.
    6. Confirm checksum; revoke link at acceptance.
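
Steps 2, 3, 4 and 6 of the SOP above as shell functions, added here as an illustration and not the studio's own tooling. It assumes the 7-Zip CLI (`7z`) and GNU coreutils are installed, covers the 7z path only, and all function and file names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not the studio's own tooling. Paths and names are hypothetical.

# Step 3: unique passphrase, 24 characters from [A-Za-z0-9] (about 142 bits).
gen_passphrase() {
    head -c 64 /dev/urandom | base64 | tr -d '+/=\n' | cut -c1-24
}

# Step 2: AES-256 7z archive with encrypted header (file names hidden).
# Bare -p makes 7z prompt for the passphrase, keeping it out of argv,
# the process list and shell history.
make_archive() {            # $1 = output .7z, remaining args = inputs
    out=$1; shift
    7z a -t7z -mhe=on -p "$out" "$@"
}

# Step 4: checksum file stored next to the archive, using the bare file
# name so the recipient can verify it from any directory.
write_checksum() {          # $1 = archive path
    ( cd "$(dirname "$1")" && sha256sum "$(basename "$1")" > "$(basename "$1").sha256" )
}

# Step 6: recipient-side check; returns non-zero on any mismatch.
verify_checksum() {         # $1 = archive path
    ( cd "$(dirname "$1")" && sha256sum --status -c "$(basename "$1").sha256" )
}
```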
    Appendix B — SOP: Standard Protected Link
    1. Upload to approved service.
    2. Set password, expiry (≤7 days), download limit, recipient emails.
    3. Enable notifications; store the URL in the project log.
    4. Revoke after acceptance or expiry.
    Appendix C — SOP: Remote Review
    1. Create a time-limited review link; enable watermarking where supported.
    2. Provide viewing instructions (browser/display settings); disable downloads by default.
    3. Remove access after session; archive comments in the project log.
    Defaults You Can Customize
    • Working-data retention: 30 days after approval.
    • Master retention: 90 days.
    • Transfer/review vendor: defined per project in the SOW (service-neutral; provisioned on demand if client-specified).
    • Archive encryption: optional by request.
    • Hosting region preference: JP/US/EU (select per project).
    Owner: IDH Co., Ltd.
    © All rights reserved.