Security
Last updated: June 2026
At Kedy.AI we take the security of your data and information seriously. We have implemented robust technical and organizational measures to protect the confidentiality, integrity and availability of our cloud-based AI video platform — including AIShort, AIDubbing, AI video generation, subtitles and the browser editor. This Security Statement outlines our approach and the steps we take to safeguard your account and the content you upload.
Our approach
Security is built into how we design, build and operate the Service, not added afterwards. We apply defense-in-depth — layering encryption, access controls, monitoring and operational practices — so that no single control is a single point of failure, and we continuously review our measures against evolving threats.
Encryption
Data is encrypted in transit using TLS, so information moving between your browser and our servers — and between our internal services — is protected from interception. Stored content and backups are encrypted at rest in our cloud infrastructure using strong, industry-standard algorithms. Encryption keys are managed through our cloud providers' key-management services and are restricted to authorized systems.
Secure infrastructure
Our infrastructure is hosted on reputable, secure cloud platforms that adhere to stringent physical, network and operational security standards and maintain widely recognized industry certifications for their data centres. Processing of your uploads happens on managed infrastructure used solely to deliver the Service. We regularly update and patch our systems to protect against known vulnerabilities.
Network security
Production systems run within segmented network environments protected by firewalls and security-group rules that restrict traffic to what is necessary. Administrative interfaces are not publicly exposed, and access to internal services follows the principle of least privilege.
Access controls
Access to production systems and customer data is limited to authorized personnel on a strict need-to-know basis, is individually authenticated, and is logged. We follow the principle of least privilege, grant the minimum access required for a role, and review and revoke access promptly when it is no longer needed.
User authentication
We use secure authentication mechanisms so that only authorized individuals can access and use Kedy.AI. Sign-in uses email verification codes and supported single sign-on (SSO) providers. We never store your password in plain text. We recommend keeping your email account secure and not sharing your sign-in credentials or verification codes with anyone.
Application security
We follow secure development practices, including code review and dependency management, and we monitor for vulnerabilities in our software and the third-party components we rely on. We apply security updates promptly based on risk.
Data privacy and segregation
We respect your privacy and process personal information in accordance with our Privacy Policy and applicable data-protection laws. We do not sell your information, and we do not share it with third parties for their own purposes without your consent. Customer data is logically separated and accessed only to provide and support the Service.
Monitoring and logging
We log access to and activity within our systems and monitor for anomalous or suspicious behaviour. These logs help us detect potential incidents, investigate issues and support accountability across our infrastructure.
Backups and resilience
We maintain encrypted backups and design the Service for resilience so that we can recover data and restore operations in the event of a failure. Backups are retained for a limited period and then cycled out.
Vulnerability management
We regularly assess our systems for vulnerabilities, apply patches based on severity, and remediate identified risks. This includes ongoing monitoring of the components and dependencies our platform uses.
Third-party and sub-processor security
Where we rely on service providers (for hosting, storage, AI and media processing, analytics, email or payments), we choose reputable vendors and require them, by contract, to maintain appropriate security and confidentiality protections and to process data only on our instructions.
Payments
Payments are handled by a PCI-compliant payment processor. We do not store full payment card details on our systems, reducing the risk associated with handling sensitive cardholder data.
Regular audits
We conduct regular security reviews and assessments to identify and address potential vulnerabilities or risks. This includes internal reviews and may include assessments by independent security experts to validate and improve our controls.
Employee security and training
Our personnel undergo security awareness training so they understand their roles and responsibilities in protecting your data, and they are bound by strict confidentiality obligations. Access to systems and data is granted based on role and removed when no longer required.
Incident response
In the event of a security incident, we have established procedures to promptly detect, respond to, investigate and mitigate the impact. Where a breach may affect your personal data, we will notify you and the relevant authorities as required by applicable laws and regulations.
Business continuity
We design our operations to minimize disruption and to recover from incidents, with redundancy and recovery procedures intended to keep the Service available and your data protected.
Data retention and deletion
We retain data only as long as needed to provide the Service or to meet legal obligations, after which it is deleted or anonymized. For details on retention and your rights over your data, see our Privacy Policy.
Your role in security
Security is a shared responsibility. You can help protect your account by keeping your email and devices secure, not sharing verification codes or credentials, signing out of shared devices, and contacting us immediately if you suspect unauthorized access to your account.
Responsible disclosure
If you believe you have found a security vulnerability in Kedy.AI, we encourage responsible disclosure. Please email security@kedy.ai with details and steps to reproduce, and give us a reasonable opportunity to investigate and resolve the issue before public disclosure. We appreciate the security community's help and will work with you to address valid issues promptly.
Continuous improvement
We continuously monitor and improve our security practices to stay ahead of emerging threats and maintain a high level of protection for the Service. We engage in ongoing risk assessment and implement additional measures as appropriate.
Contact
If you have any questions or concerns about the security of Kedy.AI, or if you believe there has been a security incident, please contact us at security@kedy.ai.