The Importance of Data Security for Personalised Video

Personalised Video combines the power of personalisation with everyone’s favourite type of media: video. As with any form of content, adding personalisation requires customer data — the details that make one video different from another and make each video unique to the viewer who receives it.

Personalisation is a boon for the digital experience. Research shows that personalisation boosts ROI, and most consumers want personalisation. In fact, they’re 72% more likely to share data with brands if it allows for a more personalised experience. But anytime you’re using personal data, it’s important to be careful with it. That’s especially true in industries like healthcare and finance where data is even more sensitive. There’s no way around it: personalisation demands data security.

Personalised Video is no different. When you’re choosing your Personalised Video provider, make sure their level of data security meets your needs. This article outlines the robust security protocols we follow here at Idomoo to protect customer data along with some examples of what to look for as you evaluate different Personalised Video vendors.

ISO 27001 Information Security Certification

When you’re researching companies to see if their data security standards are at the appropriate level, checking certifications is essential. Certification proves that the organisation meets a preestablished set of criteria by a trusted and independent third party.

For information security management systems, ISO 27001 is globally recognised as the leading standard. ISO 27001 certification shows that an organisation follows specific, rigorous requirements to support data protection and boost their resilience against cyber attacks.


Idomoo has been ISO 27001 certified since 2015, and we continually update our certification to meet the latest set of ISO standards. You can read more about this topic and download our certification in our Academy article.

SOC 2 Type 2 Compliance

Idomoo is also SOC 2 Type 2 compliant. Administered by the American Institute of CPAs (AICPA), this credential for service organisations focuses on evaluating controls related to security, availability, processing integrity, confidentiality, and privacy over an extended period, typically six months to a year. The “Type 2” aspect ensures that controls aren’t just on paper but are effectively implemented and maintained in practice.

Soc 2 certification

Soc 2 is key for Personalised Video providers where handling sensitive customer data is a top priority. This offers assurance that we take data privacy and compliance seriously, going above and beyond to demonstrate real-world, sustained commitment to security.

Part of the SOC 2 Type 2 compliance process involves engaging a third-party auditing firm to conduct the assessment, following the AICPA’s stringent criteria. The audit includes a detailed report, summarising the findings. This report is available to Idomoo clients to showcase our dedication to safeguarding customer data.

ISO 27799 Information Security Certification

Due to our increasing work with healthcare providers and companies, Idomoo has most recently become ISO 27799 health informatics certified.


ISO 27799 offers essential guidelines for organizations to navigate information security standards and practices with a particular emphasis on health informatics. By adhering to ISO 27799, healthcare organizations and custodians of health information (that’s us) can ensure the appropriate level of security tailored to their circumstances, maintaining the privacy, confidentiality, integrity and availability of personal health information, regardless of its format, storage methods or means of transmission.

Cyber Security

As a data-driven company, data security and privacy vigilance is inherent in how we operate. All employees conduct regular security training, including additional in-depth training for anyone who works with customer data.

Along with the security protocols we follow to remain compliant with ISO 27001 and other standards, cyber security vulnerabilities are scanned regularly on our platform, and a penetration test is conducted by a third party at least once a year. This guarantees our platform is resilient against evolving cyber threats.

Regular Security Audits

A certification is just the starting point. When we think about data security in practice, it’s helpful to know if and how the system has been tested for potential cyber threats. What does that mean? In a word, audits.

Some of our clients, particularly financial institutions, have required security audits before working with us. These include USAA, Pennymac, US Bank, BT, Activision and many more.

These audits are conducted by a third party, typically an external cyber assurance company. They are comprehensive and conducted annually — and we’ve passed every one.

Personally Identifiable Information (PII)

PII — or personally identifiable information — is just what it sounds like: data that is unique to you and can be used to identify you. Your first name isn’t PII, but biometrics and national ID numbers (such as a social security number in the U.S.) are.

This is the most sensitive type of data. The good news is that we don’t use PII for Personalised Videos. Videos greet customers with their first name, just like a person would. It’s part of the reason we say data-driven videos add a “human” touch.

No Data Saved

We also don’t save any data about our customers’ customers. Only data required for the video is transferred to our platform. We do both real-time and batch rendering. Real-time rendering happens instantly, and data isn’t stored.

For batch rendering, the necessary information is kept encrypted for a short time until the process is complete and the customer takes the data file. Data is deleted immediately after the video generation process is done.

Secure Data Transfer

Especially important, data is always sent securely. To send data, our clients can use either SFTP or secure API. The API uses OAuth 2.0 and signature validation.

All of this is better than industry standard or other common ways of passing data in the URL’s query string, which can be easily manipulated without server side data authentication. Read more in our Academy article.

Personalisation Native to the Video

We usually talk about native personalisation as it affects quality, particularly in live-action sequences. Think of a license plate with your name (added dynamically via our platform) looking like an actual license plate filmed with your name on it.
But this concept matters for data security, too. Because personal data is encoded directly into the video, the video itself is more secure. Data doesn’t appear as a separate plain-text overlay such as HTML, where someone can access the code to manipulate the dynamic text.

Our personalised data is added in Adobe After Effects, just like any other video element. It’s part of the video.

Additional Data Privacy Compliance

As with security certifications, you’ll want to check if your Personalised Video platform is compliant for any standards your organisation needs to meet.

For example, compliance for HIPAA, or the Health Insurance Portability and Accountability Act, is a common one for U.S. healthcare organisations. Designed to protect the privacy of personal health information and enforced by the Department of Health and Human Services, HIPAA compliance is mandatory for many healthcare providers, and since we work with health and wellness companies, Idomoo is compliant with federal HIPAA requirements.


We are also GDPR compliant. Per the General Data Protection Regulation that went into effect in 2018, we have ensured that all customer data is handled as required by this EU law. Similarly, we are compliant with the California Consumer Privacy Act (CCPA). CCPA compliance involves a yearly audit to make sure we adhere to policies and procedures that protect and strengthen consumer privacy rights.

A Proven Track Record

Keeping your customers’ data safe is always a priority. While personalisation enhances digital communications, it also requires top-notch security protocols. That’s true whether you’re including customer data in an app, email, text message or web page — or a video shared via any of these mediums.

At Idomoo, we’re committed to the highest levels of data privacy. We work with the world’s leading brands, including financial and healthcare institutions such as JPMorgan, Mastercard and NHS where data security is paramount. And we maintain our security standards on an ongoing basis with regular audits, improvements and checkups.

If you have questions about data security at Idomoo, we invite you to contact us. And if you want to see a demo of how data-driven video works, we’d love to show you behind the scenes.

Schedule a Call

Explore More Content

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors

Subscribe to Our Newsletter

Email * Enter Email

Explore More Content

Related Articles

Idomoo Revolutionises Personalised Healthcare Communications With New EHR Integration

Idomoo Revolutionises Personalised Patient Communications With New EHR Integration

When it comes to healthcare-related communication, nothing is as important as clarity. People need to pay attention to and understand their treatment and next steps to take ownership of their care plan. That’s where Personalized and Interactive Video comes in. Data-driven video enhances patient communications with a more effective approach to sharing content. It’s not just easy to understand, though that’s important — people are 3.5x more likely to prefer video for complex topics. It’s also empathetic, a more human way to talk to customers while leveraging the power of digital media to be available on demand, rewatchable and easily accessible. That’s why here at Idomoo, we’re changing how hospitals and other healthcare providers communicate with patients through its Next Generation Video Platform. Now, it’s more personal and easier to understand than ever, thanks to a new integration with Epic, a prominent electronic health record (EHR) system used in 89%

Read More
Personalised Interactive Video in Action

Personalised Interactive Video in Action

How many times have you come across an ad or brand message that was entirely skippable? Today’s content often feels like a one-way street, where brands blast messages “at” us rather than engaging in a genuine, two-way conversation. To stand out amid the digital noise, businesses must explore fresh ways to connect with their audience. Luckily, Personalized Interactive Video steps up to the plate. Think of it as the powerful blend of personalization and interactivity — a dynamic solution that brings the best of both worlds to your video marketing strategy. But what exactly is Personalized Video? What’s Interactive Video? And what’s the big deal with combining the two? We’ve got the answers. This blog is your go-to guide, answering your questions and sharing loads of ideas and tips for leveraging Personalized Interactive Video. Let’s get started. What Is Personalized Video? Ever felt like your name was just slapped onto

Read More
8 Essential Customer Engagement Tools for Marketers

8 Essential Customer Engagement Tools for Marketers

As technology has advanced, so have the ways we can connect with and retain our target audience. The days when customer interactions were limited to in-store visits are over. As marketers, our goal now goes beyond just selling a product or service; it’s also about building relationships, inspiring loyalty and creating a brand experience that resonates. Luckily, there are countless tools out there that can transform our customer engagement efforts for the better. From CRM systems that make meaningful engagement possible to chatbots that provide instant assistance, the solutions at our disposal are both diverse and powerful. Here are 8 of the best customer engagement tools to have in your toolkit. 1. Customer Relationship Management Systems (CRMs) To effectively engage customers in a meaningful way, you have to know your customers. That’s where customer relationship management systems (CRMs) come into play. Managing customer data has evolved from spreadsheets and sticky

Read More

Request a Call

Leave your details below, and our team will contact you ASAP to show you what Personalised Video can do for you.