The Importance of Data Security for Personalized Video

Personalized Video combines the power of personalization with everyone’s favorite type of media: video. As with any form of content, adding personalization requires customer data — the details that make one video different from another and make each video unique to the viewer who receives it.

Personalization is a boon for the digital experience. Research shows that personalization boosts ROI, and most consumers want personalization. In fact, they’re 72% more likely to share data with brands if it allows for a more personalized experience. But anytime you’re using personal data, it’s important to be careful with it. That’s especially true in industries like healthcare and finance where data is even more sensitive. There’s no way around it: personalization demands data security.

Personalized Video is no different. When you’re choosing your Personalized Video provider, make sure their level of data security meets your needs. This article outlines the robust security protocols we follow here at Idomoo to protect customer data along with some examples of what to look for as you evaluate different Personalized Video vendors.

ISO 27001 Information Security Certification

When you’re researching companies to see if their data security standards are at the appropriate level, checking certifications is essential. Certification proves that the organization meets a preestablished set of criteria by a trusted and independent third party.

For information security management systems, ISO 27001 is globally recognized as the leading standard. ISO 27001 certification shows that an organization follows specific, rigorous requirements to support data protection and boost their resilience against cyber attacks.


Idomoo has been ISO 27001 certified since 2015, and we continually update our certification to meet the latest set of ISO standards. You can read more about this topic and download our certification in our Academy article.

SOC 2 Type 2 Compliance

Idomoo is also SOC 2 Type 2 compliant. Administered by the American Institute of CPAs (AICPA), this credential for service organizations focuses on evaluating controls related to security, availability, processing integrity, confidentiality, and privacy over an extended period, typically six months to a year. The “Type 2” aspect ensures that controls aren’t just on paper but are effectively implemented and maintained in practice.

Soc 2 certification

Soc 2 is key for Personalized Video providers where handling sensitive customer data is a top priority. This offers assurance that we take data privacy and compliance seriously, going above and beyond to demonstrate real-world, sustained commitment to security.

Part of the SOC 2 Type 2 compliance process involves engaging a third-party auditing firm to conduct the assessment, following the AICPA’s stringent criteria. The audit includes a detailed report, summarizing the findings. This report is available to Idomoo clients to showcase our dedication to safeguarding customer data.

ISO 27799 Information Security Certification

Due to our increasing work with healthcare providers and companies, Idomoo has most recently become ISO 27799 health informatics certified.


ISO 27799 offers essential guidelines for organizations to navigate information security standards and practices with a particular emphasis on health informatics. By adhering to ISO 27799, healthcare organizations and custodians of health information (that’s us) can ensure the appropriate level of security tailored to their circumstances, maintaining the privacy, confidentiality, integrity and availability of personal health information, regardless of its format, storage methods or means of transmission.

Cyber Security

As a data-driven company, data security and privacy vigilance is inherent in how we operate. All employees conduct regular security training, including additional in-depth training for anyone who works with customer data.

Along with the security protocols we follow to remain compliant with ISO 27001 and other standards, cyber security vulnerabilities are scanned regularly on our platform, and a penetration test is conducted by a third party at least once a year. This guarantees our platform is resilient against evolving cyber threats.

Regular Security Audits

A certification is just the starting point. When we think about data security in practice, it’s helpful to know if and how the system has been tested for potential cyber threats. What does that mean? In a word, audits.

Some of our clients, particularly financial institutions, have required security audits before working with us. These include USAA, Pennymac, US Bank, BT, Activision and many more.

These audits are conducted by a third party, typically an external cyber assurance company. They are comprehensive and conducted annually — and we’ve passed every one.

Personally Identifiable Information (PII)

PII — or personally identifiable information — is just what it sounds like: data that is unique to you and can be used to identify you. Your first name isn’t PII, but biometrics and national ID numbers (such as a social security number in the U.S.) are.

This is the most sensitive type of data. The good news is that we don’t use PII for Personalized Videos. Videos greet customers with their first name, just like a person would. It’s part of the reason we say data-driven videos add a “human” touch.

No Data Saved

We also don’t save any data about our customers’ customers. Only data required for the video is transferred to our platform. We do both real-time and batch rendering. Real-time rendering happens instantly, and data isn’t stored.

For batch rendering, the necessary information is kept encrypted for a short time until the process is complete and the customer takes the data file. Data is deleted immediately after the video generation process is done.

Secure Data Transfer

Especially important, data is always sent securely. To send data, our clients can use either SFTP or secure API. The API uses OAuth 2.0 and signature validation.

All of this is better than industry standard or other common ways of passing data in the URL’s query string, which can be easily manipulated without server side data authentication. Read more in our Academy article.

Personalization Native to the Video

We usually talk about native personalization as it affects quality, particularly in live-action sequences. Think of a license plate with your name (added dynamically via our platform) looking like an actual license plate filmed with your name on it.
But this concept matters for data security, too. Because personal data is encoded directly into the video, the video itself is more secure. Data doesn’t appear as a separate plain-text overlay such as HTML, where someone can access the code to manipulate the dynamic text.

Our personalized data is added in Adobe After Effects, just like any other video element. It’s part of the video.

Additional Data Privacy Compliance

As with security certifications, you’ll want to check if your Personalized Video platform is compliant for any standards your organization needs to meet.

For example, compliance for HIPAA, or the Health Insurance Portability and Accountability Act, is a common one for U.S. healthcare organizations. Designed to protect the privacy of personal health information and enforced by the Department of Health and Human Services, HIPAA compliance is mandatory for many healthcare providers, and since we work with health and wellness companies, Idomoo is compliant with federal HIPAA requirements.


We are also GDPR compliant. Per the General Data Protection Regulation that went into effect in 2018, we have ensured that all customer data is handled as required by this EU law. Similarly, we are compliant with the California Consumer Privacy Act (CCPA). CCPA compliance involves a yearly audit to make sure we adhere to policies and procedures that protect and strengthen consumer privacy rights.

A Proven Track Record

Keeping your customers’ data safe is always a priority. While personalization enhances digital communications, it also requires top-notch security protocols. That’s true whether you’re including customer data in an app, email, text message or web page — or a video shared via any of these mediums.

At Idomoo, we’re committed to the highest levels of data privacy. We work with the world’s leading brands, including financial and healthcare institutions such as JPMorgan, Mastercard and NHS where data security is paramount. And we maintain our security standards on an ongoing basis with regular audits, improvements and checkups.

If you have questions about data security at Idomoo, we invite you to contact us. And if you want to see a demo of how data-driven video works, we’d love to show you behind the scenes.

Schedule a Call

Explore More Content

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors

Explore More Content

Subscribe to Our Newsletter

Email * Enter Email

Related Articles

Why Loyalty Programs Need To Be Personalized

Why Loyalty Programs Need To Be Personalized

These days, it’s commonplace to make a purchase at a shop, cafe or online store and get asked to join its loyalty program. Many times, these programs are enticing. Getting perks for simply continuing your spending habits seems like a no-brainer and is probably why U.S. consumers hold more than 3.8 billion memberships in these kinds of programs. At the same time, companies are more than well-aware of all the benefits they get from implementing loyalty programs. After all, what’s better than having customers that wholly trust and recommend your brand? And this is true beyond retail. Think of hotel loyalty programs or rewards credit cards.

Read More
Do You Need a Video Production Company To Create Quality Video Content?

Do You Need a Video Production Company To Create Quality Videos?

These days, businesses of all sizes are making video part of their core marketing strategy. Video marketing content is a great way to connect with your audience and attract new customers. But do you need a professional video production company to accomplish that? High-quality marketing videos can help grow brand awareness, boost engagement, and ultimately build your business online. You might not be Hollywood, but you understand that your audience values top-notch video content. Videos with great production value, like the one below from HubSpot, are an eye-catching way to make a great impression with your brand. So is a video production agency the key to creating effective videos? Do you need to hire a production team from Los Angeles or New York to get a solid return on your investment? Let’s talk about it. First, though, let’s dig a little deeper into why video content is so important. Why

Read More
Email Personalization

Email Personalization: Tips for Cutting Through the Clutter

Email marketing is a tried and true strategy. But in today’s digital age, cutting through the clutter of your customers’ inboxes is trickier than ever before. Today, an estimated 333 billion emails are delivered and received every day. But brands have found a way to rise above the digital noise: By personalizing their email marketing campaigns. By using this strategy, businesses are able to reach more customers, boost engagement and build stronger relationships. To help you get started, we’ll cover why email personalization works (hint: it makes people feel heard) and the tips and tricks you need to effectively personalize your email marketing campaigns. The Issue With Generic Emails Generic emails are impersonal, and this comes with consequences. For one, customers don’t want to be treated like numbers. Brand communications should make customers feel valued — not another sales grab. On top of that, you also risk sending a message

Read More

Request a Call

Leave your details below, and we’ll be in touch to show you what Personalized and Interactive Video can do for you.