The Importance of Data Security for Personalised Video

Personalised Video combines the power of personalisation with everyone’s favourite type of media: video. As with any form of content, adding personalisation requires customer data — the details that make one video different from another and make each video unique to the viewer who receives it.

Personalisation is a boon for the digital experience. Research shows that personalisation boosts ROI, and most consumers want personalisation. In fact, they’re 72% more likely to share data with brands if it allows for a more personalised experience. But anytime you’re using personal data, it’s important to be careful with it. That’s especially true in industries like healthcare and finance where data is even more sensitive. There’s no way around it: personalisation demands data security.

Personalised Video is no different. When you’re choosing your Personalised Video provider, make sure their level of data security meets your needs. This article outlines the robust security protocols we follow here at Idomoo to protect customer data along with some examples of what to look for as you evaluate different Personalised Video vendors.

ISO 27001 Information Security Certification

When you’re researching companies to see if their data security standards are at the appropriate level, checking certifications is essential. Certification proves that the organisation meets a preestablished set of criteria by a trusted and independent third party.

For information security management systems, ISO 27001 is globally recognised as the leading standard. ISO 27001 certification shows that an organisation follows specific, rigorous requirements to support data protection and boost their resilience against cyber attacks.


Idomoo has been ISO 27001 certified since 2015, and we continually update our certification to meet the latest set of ISO standards. You can read more about this topic and download our certification in our Academy article.

SOC 2 Type 2 Compliance

Idomoo is also SOC 2 Type 2 compliant. Administered by the American Institute of CPAs (AICPA), this credential for service organisations focuses on evaluating controls related to security, availability, processing integrity, confidentiality, and privacy over an extended period, typically six months to a year. The “Type 2” aspect ensures that controls aren’t just on paper but are effectively implemented and maintained in practice.

Soc 2 certification

Soc 2 is key for Personalised Video providers where handling sensitive customer data is a top priority. This offers assurance that we take data privacy and compliance seriously, going above and beyond to demonstrate real-world, sustained commitment to security.

Part of the SOC 2 Type 2 compliance process involves engaging a third-party auditing firm to conduct the assessment, following the AICPA’s stringent criteria. The audit includes a detailed report, summarising the findings. This report is available to Idomoo clients to showcase our dedication to safeguarding customer data.

Cyber Security

As a data-driven company, data security and privacy vigilance is inherent in how we operate. All employees conduct regular security training, including additional in-depth training for anyone who works with customer data.

Along with the security protocols we follow to remain compliant with ISO 27001 and other standards, cyber security vulnerabilities are scanned regularly on our platform, and a penetration test is conducted by a third party at least once a year. This guarantees our platform is resilient against evolving cyber threats.

Regular Security Audits

A certification is just the starting point. When we think about data security in practice, it’s helpful to know if and how the system has been tested for potential cyber threats. What does that mean? In a word, audits.

Some of our clients, particularly financial institutions, have required security audits before working with us. These include USAA, Pennymac, US Bank, BT, Activision and many more.

These audits are conducted by a third party, typically an external cyber assurance company. They are comprehensive and conducted annually — and we’ve passed every one.

Personally Identifiable Information (PII)

PII — or personally identifiable information — is just what it sounds like: data that is unique to you and can be used to identify you. Your first name isn’t PII, but biometrics and national ID numbers (such as a social security number in the U.S.) are.

This is the most sensitive type of data. The good news is that we don’t use PII for Personalised Videos. Videos greet customers with their first name, just like a person would. It’s part of the reason we say data-driven videos add a “human” touch.

No Data Saved

We also don’t save any data about our customers’ customers. Only data required for the video is transferred to our platform. We do both real-time and batch rendering. Real-time rendering happens instantly, and data isn’t stored.

For batch rendering, the necessary information is kept encrypted for a short time until the process is complete and the customer takes the data file. Data is deleted immediately after the video generation process is done.

Secure Data Transfer

Especially important, data is always sent securely. To send data, our clients can use either SFTP or secure API. The API uses OAuth 2.0 and signature validation.

All of this is better than industry standard or other common ways of passing data in the URL’s query string, which can be easily manipulated without server side data authentication. Read more in our Academy article.

Personalisation Native to the Video

We usually talk about native personalisation as it affects quality, particularly in live-action sequences. Think of a license plate with your name (added dynamically via our platform) looking like an actual license plate filmed with your name on it.
But this concept matters for data security, too. Because personal data is encoded directly into the video, the video itself is more secure. Data doesn’t appear as a separate plain-text overlay such as HTML, where someone can access the code to manipulate the dynamic text.

Our personalised data is added in Adobe After Effects, just like any other video element. It’s part of the video.

Additional Data Privacy Compliance

As with security certifications, you’ll want to check if your Personalised Video platform is compliant for any standards your organisation needs to meet.

For example, compliance for HIPAA, or the Health Insurance Portability and Accountability Act, is a common one for U.S. healthcare organisations. Designed to protect the privacy of personal health information and enforced by the Department of Health and Human Services, HIPAA compliance is mandatory for many healthcare providers, and since we work with health and wellness companies, Idomoo is compliant with federal HIPAA requirements.


We are also GDPR compliant. Per the General Data Protection Regulation that went into effect in 2018, we have ensured that all customer data is handled as required by this EU law. Similarly, we are compliant with the California Consumer Privacy Act (CCPA). CCPA compliance involves a yearly audit to make sure we adhere to policies and procedures that protect and strengthen consumer privacy rights.

A Proven Track Record

Keeping your customers’ data safe is always a priority. While personalisation enhances digital communications, it also requires top-notch security protocols. That’s true whether you’re including customer data in an app, email, text message or web page — or a video shared via any of these mediums.

At Idomoo, we’re committed to the highest levels of data privacy. We work with the world’s leading brands, including financial and healthcare institutions such as JPMorgan, Mastercard, NHS and NewYork-Presbyterian where data security is paramount. And we maintain our security standards on an ongoing basis with regular audits, improvements and checkups.

If you have questions about data security at Idomoo, we invite you to contact us. And if you want to see a demo of how data-driven video works, we’d love to show you behind the scenes.

Schedule a Call

Explore More Content

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors

Subscribe to Our Newsletter

Explore More Content

Related Articles

5 Quick Tips for Getting Started With Personalised Video

5 Quick Tips for Getting Started With Personalised Video

When it comes to creating real connections with your audience, Personalised Video is a powerful tool. But like any tool, you need to use it the right way for it to be effective. If you’re just dipping your toes into the world of Personalised Video, we have a few tips to share from lessons learned over the past decade-plus of working with clients in a range of industries, ranging from higher education to hospitality. Some of the biggest perceived hurdles to getting started with Personalised Video involve time, money, and where to get all that data. We’re here to help. Read on for five (easy) Personalised Video tips you need to know now. 1. Right-Size Your Personalisation Personalisation isn’t one size fits all. What works well in one industry may not work in another. Case in point: Your bank certainly knows your account number, but that doesn’t mean you want

Read More
How To Choose the Right Personalised Video Software

How To Choose the Right Personalised Video Software

As tailored experiences become the norm rather than the exception, Personalised Video has been increasingly used by brands across industries to improve the effectiveness of their marketing strategies. Take a look at the nonprofit industry where Personalised Videos delivered via email led to higher engagement among donors led to a staggering 17x ROI for the Canadian Red Cross. Meanwhile, gaming brands like Ubisoft and Activision have seen great success with personalised recap videos that strengthen player loyalty and retention. As a versatile tool, Personalised Video can be used to level up communication throughout the sales process and customer journey. Here are just a few use cases and ideas to consider: Improve outreach efforts with highly tailored video messages Acquire new customers with engaging video offers Grow brand awareness when customers share their personalised content Optimise the onboarding experience with Personalised and Interactive Video tutorials In an era where one-size-fits-all no

Read More
7 Tips for Making Personalised Videos for Emails

7 Tips for Making Personalised Videos for Emails

It’s not easy to stand out in an overcrowded inbox. As effective as email marketing can be, it only really works if you’re able to survive that cutthroat inbox sweep. With so many emails coming in every day, consumers have become more and more brutal when it comes to deleting emails they aren’t interested in. So what can you do to stick out from clutter and capture your audience’s attention? Incorporate Personalized Video. A whopping 81% of consumers want brands to use video more. And yet 70% say they rarely or never receive video content from brands. Additionally, consumers are 3.5x more likely to be interested in Personalized Video than not. You know what that means? There’s a huge opportunity for brands like yours to stand out by delivering what consumers crave. Personalized Videos in emails have the potential to significantly boost customer engagement, increase click-through rates by up to

Read More

Download the Report

See more of the data and findings in the full report.

Thanks for downloading!

Your copy of our 2023 State of Video Technology consumer study has opened in a new tab.

Request a Call

Leave your details below, and our team will contact you ASAP to show you what Personalised Video can do for you.