Security & Compliance

How secure — and private — are your files in the cloud?

Our partnership with Seagate lets our customers take advantage of extremely affordable file storage costs, while benefitting from all of Seagate’s current state-of-the-art security features and its continuous development and research into cloud security.

Our Commitment

At Starchive, we are dedicated to achieving and maintaining the highest standards of security and compliance. Our controls and practices demonstrate our unwavering commitment to safeguarding the security and privacy of our clients’ data, supporting creators and creative teams globally.

Data Security

Data Encryption and Protection

In Transit: All data transmitted to and from our platform is securely encrypted using HTTPS with SSL/TLS protocols, safeguarding data as it moves across the internet.
At Rest: We use AES-256 encryption for data stored on our servers. Files are encrypted using managed keys that are rotated regularly, ensuring robust protection across our storage environments.

Access Controls and Permissions

Role-Based Access Controls (RBAC) and Multi-Factor Authentication (MFA) are enforced to manage and restrict access to sensitive information, ensuring that only authorized personnel have access based on their role requirements.

Secure Storage and Backup

Cloud Storage: Data is stored in secure, encrypted environments with leading cloud service providers.
Backup Practices: Regularly scheduled backups ensure data durability and resilience, with encrypted backups stored in multiple secure locations.

Secure Sharing and Collaboration

Secure Sharing: Utilizes mechanisms including signed URLs to share files securely, ensuring that shared content is accessible only to authorized users for a limited time.

Metadata Management

Metadata Tagging and Classification: Leveraging AI, metadata is automatically generated and tagged, allowing for efficient data management and enhanced security through categorization and sensitive data identification.

Compliance

Privacy Compliance

Regulatory Adherence: We comply with international privacy regulations including GDPR and CCPA, ensuring all personal data is handled with the highest standards of privacy and security.
Privacy Policy: Detailed in our privacy policy, our practices cover the comprehensive measures we take to protect personal information.

Audit Trails and Monitoring

Audit Logs: We maintain detailed logs of all system and user activities, including access and modifications to data. These logs support compliance, help detect unauthorized access, and facilitate forensic investigations.

Standardization and Vendor Risk Management

Controls: We adhere to standardized security frameworks and controls across our operations.
Vendor Assessments: Rigorous assessments ensure our vendors comply with our strict security and privacy standards, especially those handling sensitive or critical data.

Operational Integrity

System and Network Security

Regular Security Assessments: Including vulnerability scans and third-party penetration tests to identify and mitigate potential security vulnerabilities.
Incident Response: A formal incident response plan enables us to promptly address and mitigate any security incidents to minimize impact.

Continual Improvement

Updates and Patches: Regular updates to our systems and applications ensure we address security vulnerabilities and enhance functionalities.

Training & Awareness

Employee Security Training

Ongoing Education: Regular training on the latest security and privacy best practices ensure our team is well-prepared to uphold our security standards.

For more detailed information or to schedule a call, please contact us.

Your media is just that: yours.

Here’s a general rule of thumb about digital privacy: if you’re getting a service for free, then YOU are probably the product. Free services will often use your media and track your usage statistics for machine learning or marketing purposes.

But maintaining privacy is one Starchive’s priorities (you can read our full privacy policy here). Your media and data is never shared or used by Starchive or any third party — ever. Our team does not have any back-door access to your Starchive. The only time you’ll ever see us in your Starchive is if you explicitly invite one of our support team members to help you solve a technical issue.

Securely encrypted storage

This is where storing data in the cloud via AWS really outshines the traditional on-site server or storage device setup. Forget about installing firewalls, proxies, virus scanners, etc. Encryption and security protocols are built into AWS by default — and maintained by AWS — saving you time and money while giving you peace of mind that your data is secure.

Backups of your backups

No more worrying about lost media from a server crash or hardware malfunction. Your data is stored on multiple cloud servers across multiple facilities, so it’s always protected and always available.

24-7 Security Monitoring

Seagate continuously monitors their cloud infrastructures for suspicious activity. Seagate notifies Starchive of any sort of activity that is outside of the “norm,” which can help to identify suspicious activity including attempts at gaining unauthorized access.

Cookie	Duration	Description
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__hssc	30 minutes	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.

Cookie	Duration	Description
__hstc	1 year 24 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_UA-62402144-3	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
ajs_anonymous_id	never	This cookie is set by Segment.io to check the number of ew and returning visitors to the website.
ajs_user_id	never	The cookie is set by Segment.io and is used to analyze how you use the website
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Cookie	Duration	Description
_hp2_id.3582426800	1 year 1 month	No description
_hp2_ses_props.3582426800	30 minutes	No description
ajs_group_id	never	This cookie is set by Segment.io. The purpose of the cookie is currently not identified.
debug	never	No description available.