We’re committed to keeping your information safe.
VideoMule is committed to the security of our customers and their data. As a cloud-based platform entrusted with some of your most valuable content, like your screen recordings and organizational knowledge, we are focused on keeping you and your data safe. VideoMule encrypts data in transit, isolates every organization’s data on the server, and builds on the secure infrastructure of Amazon AWS. Keeping customer data safe is our priority.
VideoMule follows GDPR-aligned data practices, with data-subject rights and privacy-by-design built into how we operate. We use a multi-tenant approach where each organization’s data is fully isolated across companies and teams, enforced on the server for every request. This adheres to role-based access control over who can view, share, or create content, and with whom, within your organization. Payments meet PCI DSS through Stripe, and additional certifications such as SOC 2 and HIPAA are on our roadmap.
VideoMule services and data are hosted on Amazon Web Services (AWS) and Vercel. Assets are stored in Amazon S3, and final videos are rendered on AWS Lambda in isolated, ephemeral environments that are torn down after each job. We rely on AWS’s physically secured, redundant data centers for durability.
On an application level, errors and anomalies are monitored continuously with Sentry, and security-sensitive events, such as a new sign-in method, trigger alert emails to the account owner.
Access is protected end to end. VideoMule is served 100% over HTTPS with HSTS enforced. Sign in with email and password, Google, or Microsoft, with optional two-factor authentication (TOTP) and enforced password policies to keep access to your account protected.
All data sent to or from VideoMule is encrypted in transit using TLS, with HSTS enforced across the domain. Passwords are hashed with bcrypt, API keys are stored as one-way hashes, and two-factor secrets are encrypted at rest.
All inputs are validated with Zod before they reach the database. Inbound webhooks are verified with signed JWTs, outbound webhooks are HMAC-signed, requests are rate-limited, and secure HTTP headers ship on every response.
Errors and anomalies are monitored continuously with Sentry. Requests are rate-limited to blunt abuse, and security-sensitive account events trigger alert emails so issues surface quickly.
Sign in with email and password, Google, or Microsoft. Email verification is required before an account can be used, keeping access to your workspace protected.
We enable permission levels within the app for your teammates through role-based membership (owner, admin, and member), controlling access to app settings, billing, and content.
Add a second layer of protection with an authenticator app (TOTP) and single-use recovery codes, all stored encrypted.
All payments made to VideoMule go through our partner, Stripe. Details about their security setup and PCI compliance can be found at Stripe’s security page.
Every request is scoped to your organization on the server, derived from your authenticated session, never from client input, so one customer’s data is never returned to another.
We do not sell your personal data. You can request access to, export of, or deletion of your data at any time.
Deleting a project cascades cleanly to related records, and account deletion revokes access immediately while keeping a short recovery window before permanent removal.
The VideoMule Screen Recorder keeps recordings on your device (OPFS / IndexedDB) and uploads them only when you explicitly choose to.