Compliance FAQ

AI Questions

What will the AI system be doing? Please provide a detailed description of its functions and applications.

Answer: Our product does not include any AI. Third-party AI tools can be used, but they are not governed by us.

What is Remotion's role?

  • Provider
  • Deployer
  • Distributor
  • Importer
  • Product manufacturer
  • Authorised representative

Answer: Remotion's role: Product manufacturer.

What AI model is being used? Describe the type, architecture, and any specific algorithms.

Answer: No AI model is included in our product.

How will customer input data be used? Specifically, will it be saved, used to train an AI system, or used for any other purpose beyond delivering the solution?

Answer: No AI is being used in our product. Third-party AI tools can be used, but they are not governed by us.

Is it a local model or does it communicate with external servers ("call home")?

Answer: N/A

Will any MNPI, customer data, confidential data, or personal data be input?

MNPI: Material nonpublic information

Answer: Remotion does not provide an AI system, and the core product runs within the customer's own infrastructure. Remotion does not collect or process customer application data, media content, or media metadata. For licensing and accountability, remotion.pro collects limited account and billing information and minimal render telemetry only: IP address, domain name, whether the render was in production or development, and whether it was a video or still image. If a customer chooses to use personal or confidential data in their own Remotion workflows, that data remains under the customer's control and responsibility.

Is Remotion compliant with all relevant local, national, and international regulations?

Answer: Remotion aims to operate its own services in accordance with applicable law, and for Enterprise customers Remotion supports necessary compliance processes aligned with the customer's internal policies or legal obligations. Because Remotion is primarily self-hosted software, customers remain responsible for ensuring their own deployments and use comply with the laws and regulations applicable to them.

Does Remotion have any certifications or accreditations related to AI, such as ISO 42001?

Answer: Remotion currently holds no accreditations.

Does Remotion own the intellectual property for the AI system, including the data it was trained on?

Answer: N/A - Remotion is not an AI system.

How does Remotion address bias in AI models and datasets?

Answer: N/A - Remotion is not an AI system.

Can Remotion provide documentation or evidence of bias assessments conducted on its AI system?

Answer: N/A - Remotion does not provide an AI system or AI model.

Does Remotion provide tools or methods for explaining AI decisions?

Answer: N/A - Remotion does not provide an AI system or AI-generated decisions.

How does Remotion ensure data quality and integrity?

Answer: For the core product, data quality and integrity are customer-managed because Remotion runs entirely in the customer's own infrastructure. On Remotion's side, the only operational data collected for licensing and accountability is limited telemetry and billing/account information. Telemetry is intentionally minimal, and where telemetry cannot be enabled, customers provide a verifiable monthly report of rendering activity.

What metrics and benchmarks does Remotion use to measure AI system performance?

Answer: N/A - Remotion does not provide an AI system or AI model.

Can Remotion provide performance evaluation reports, including relating to accuracy?

Answer: N/A - Remotion does not provide an AI system, so AI accuracy or model evaluation reports do not apply.

How does Remotion identify, assess, and mitigate risks associated with its AI system?

Answer: N/A - Remotion does not provide an AI system. More generally, Remotion publishes security best practices for use of the software and supports private vulnerability reporting for security issues.

Will customer data be fully anonymized, rather than pseudonymized, obscured, or aggregated, before being used to train and improve Remotion's AI model?

Answer: No customer data is used to train or improve any Remotion AI model, because Remotion does not provide an AI system or AI model. Remotion also does not collect customer media content, metadata, or end-user data as part of the core product.

What measures will be implemented to prevent re-identification, confidentiality breaches, or misuse of anonymized data?

Answer: N/A in the context of AI training, because Remotion does not use customer data to train an AI model. Separately, Remotion limits telemetry collection to minimal licensing and accountability data and does not collect customer media content, media metadata, or end-user data.

Hosting, Infrastructure & Disaster Recovery

Where is Remotion hosted (cloud provider, regions/data center locations)?

Answer: Remotion is a software library that runs entirely within your own infrastructure (local machines, CI/CD pipelines, or your own cloud). We do not host your videos, code, or application data. Our licensing platform (remotion.pro) is hosted on Vercel and is used for license management and rendering usage insights.

What infrastructure security practices are in place?

Answer: For the core product, infrastructure security is customer-managed because deployments are self-hosted. Remotion publishes security best practices at https://remotion.dev/security and supports private vulnerability reporting at security@remotion.dev.

What disaster recovery measures are implemented, including RTO (Recovery Time Objective) and RPO (Recovery Point Objective)?

Answer: For core rendering workloads, disaster recovery (including RTO/RPO) is managed in the customer's own infrastructure. remotion.pro is used for license management and billing and is non-critical to the core rendering product; temporary unavailability of remotion.pro does not take down customer-deployed Remotion rendering systems.

Is redundancy built into the system architecture?

Answer: For rendering systems built with Remotion, redundancy is implemented by the customer in their own architecture.

How does Remotion ensure high availability?

Answer: The core Remotion product runs in the customer's own infrastructure, so high availability for rendering systems is implemented by the customer. remotion.pro is used for license management, billing, and usage insights and is non-critical to customer-deployed Remotion rendering systems.

Are offsite backups encrypted?

Answer: Yes. For the limited data stored by remotion.pro, backups are encrypted by our cloud infrastructure providers. Customer application data and media content are not stored by Remotion.

What is Remotion's maintenance window period, and is zero-downtime availability supported?

Answer: The core Remotion product is hosted by the customer, so maintenance windows and zero-downtime availability are determined by the customer's own infrastructure. For remotion.pro, Remotion reserves the right to interrupt the service for maintenance, system updates, or other changes. Temporary unavailability of remotion.pro does not take down customer-deployed Remotion rendering systems.

Incident Response and Monitoring

What monitoring, logging, and incident response processes are in place?

Answer: Because Remotion is a local library, we do not monitor your infrastructure. However, for licensing and accountability purposes, we collect basic telemetry via an API call for each render (IP address, domain, environment, and media type). We do not collect any user data, media content, or metadata. If your corporate firewall or security policies prevent telemetry API calls, we offer an offline reporting alternative where you provide a verifiable monthly report of your rendering activity.

How are customers notified in the event of a security incident?

Answer: Security vulnerabilities discovered in the Remotion library are patched in new version releases and published via standard channels (e.g., changelogs).

What is Remotion's policy for security vulnerability fixes and patch management?

Answer: Security vulnerabilities in the Remotion library can be reported privately to security@remotion.dev. Confirmed vulnerabilities are addressed in new Remotion releases and communicated through standard release channels such as changelogs. Customers are responsible for updating the Remotion version used in their own deployments.

Has Remotion undergone vulnerability assessment / penetration testing?

Answer: Remotion has not undergone a formal vulnerability assessment or penetration test. Because the product is source-available and self-hosted, customers and security researchers can review and test the software in their own environments. We also welcome responsible disclosure and respond promptly to vulnerability reports and security questions at security@remotion.dev.

How can security questions be sent to Remotion?

Answer: Security questions and vulnerability reports can be sent to security@remotion.dev.

Security Standards and Certifications

What industry-standard security frameworks and certifications are followed (e.g., ISO 27001, SOC 2, GDPR, HIPAA, etc.)?

Answer: Remotion is a downloadable software library, not a hosted SaaS platform processing your data. Therefore, traditional SaaS certifications like SOC 2 or HIPAA do not apply to the core product. We do not currently hold ISO 27001 certification.

Data Protection and Encryption

How is data protected at rest and in transit?

Answer: Because Remotion runs on your infrastructure, your video and application data never leaves your environment and is not transmitted to us. The minimal data we do collect (telemetry and billing/account information) is encrypted in transit using standard TLS/HTTPS and encrypted at rest by our cloud infrastructure providers. Encryption at rest and key management are handled by those providers.

What encryption standards are used?

Answer: TLS/HTTPS for communication with the licensing server.

How is customer data segregated and secured?

Answer: N/A — we do not store customer application data.

Access Control, Authentication, and SSO

What authentication methods are supported (SSO, MFA, etc.)?

Answer: Remotion requires no login to run the library. Our licensing platform supports OAuth login via GitHub and Google, as well as email authentication. Email authentication uses a magic link (two-factor identification through email), and there are no passwords. We do not currently support SAML 2.0 SSO.

Does Remotion provide SAML 2.0 SSO access to all users?

Answer: Remotion is a software library that is installed and run entirely within your own infrastructure — it requires no login and has no hosted service component. SSO is therefore not applicable to the core product. Our licensing platform (remotion.pro) does have a login, but it is used solely for license management and does not support SAML 2.0 SSO. Since users interact with their own deployments of Remotion, there is no shared user directory to federate.

Does SSO include all admin users?

Answer: The Remotion library itself requires no login and has no admin user concept. However, on the remotion.pro licensing dashboard, the license holder acts as an admin and can invite team members to manage the license. The licensing platform has no SSO.

Can all non-SSO authentications be disabled?

Answer: N/A — Remotion requires no authentication at all. There is nothing to disable.

Is there a mobile application component to your solution?

Answer: No. Remotion is a software library and has no mobile application.

If so, does the mobile application support SSO?

Answer: N/A — there is no mobile application.

Can your mobile application be disabled?

Answer: N/A — there is no mobile application.

Is there a function to cancel active sessions and revoke access for users?

Answer: Remotion requires no login and maintains no user sessions. There is nothing to revoke. For the licensing platform, licenses can be revoked manually by contacting support.

How are user provisioning and deprovisioning managed? (e.g., SCIM integration, Just-in-time provisioning)

Answer: The Remotion library itself has no user accounts. However, on the remotion.pro licensing dashboard, the license holder can provision or deprovision access (Seats) for team members to manage the license and view rendering insights. We do not currently support SCIM or Just-in-time provisioning.

Can the current default session expiry be configured?

Answer: N/A — Remotion requires no login and maintains no sessions.

Compliance and Privacy

How does Remotion handle data privacy compliance across regions?

Answer: Remotion does not collect, process, or store application data or media content from your end-users. We only store the billing/account information of the developers purchasing the license, and we collect basic telemetry (which includes IP addresses) solely for licensing accountability. All data is handled in compliance with applicable privacy laws (such as GDPR), and telemetry data is never used for profiling, marketing, or tracking end-users across sites.

What controls are in place for GDPR, CCPA, or other privacy regulations?

Answer: We only store the billing and account information of the developers purchasing the license, which is handled in compliance with GDPR.

What does Remotion do, and how does it work?

Answer: Remotion is a software library for creating videos and images using code. Customers install and run it in their own local, CI/CD, cloud, or on-premise infrastructure. remotion.pro provides license management, billing, and rendering usage insights.

In which countries is Remotion available?

Answer: Remotion is downloadable software that can be used by customers globally, subject to applicable law and the customer's own deployment choices. remotion.pro is an online licensing and billing platform available to customers through the web.

What data does Remotion process?

Answer: The core Remotion product does not send customer media content, media metadata, or customer application data to Remotion. remotion.pro processes account and billing information provided through license management and payment flows, plus telemetry generated by licensed Remotion renders for licensing accountability: IP address, domain name, whether the render was in production or development, and whether the render was a video or still image. Render inputs, outputs, and media files remain in the customer's own infrastructure.

Who has access to the data?

Answer: Remotion does not access customer application data or rendered media. Access to remotion.pro account, billing, license, and telemetry data is limited to Remotion personnel, contractors, and service providers who need access to operate, support, secure, or administer the service.

Can Remotion connect to internal or external applications?

Answer: The Remotion library can be integrated by customers into their own internal or external applications, pipelines, and infrastructure. Remotion does not require access to those systems. remotion.pro is separate and is used for license management, billing, and usage insights.

Where is Remotion's privacy notice?

Answer: https://www.remotion.pro/privacy

Can Remotion provide a data protection agreement?

Answer: Yes. Remotion can provide a data protection agreement for customers that purchase an Enterprise license.

Who is the data controller for the information?

Answer: For remotion.pro account, billing, license, and telemetry data, Remotion is the data controller unless otherwise specified. For customer application data, media inputs, and generated outputs that remain in the customer's own infrastructure, the customer determines the purposes and means of processing.

How does Remotion adhere to data minimization principles?

Answer: Remotion does not collect customer media content, media metadata, or customer application data. Telemetry is limited to the fields needed for licensing accountability and usage insights: IP address, domain name, production/development environment, and media type.

Will the application include any profiling of individuals, or automated decision making?

Answer: No. Remotion does not provide AI-based profiling or automated decision making. Telemetry is used for licensing accountability and rendering usage insights, not for profiling end users.

Data Retention and Deletion Policies

What are the data retention policies?

Answer: We retain billing and license account data, as well as telemetry logs (IP address, domain, environment, media type) used to calculate rendering volumes and provide usage insights.

How can data be deleted or archived by customers?

Answer: Depending on the license setup (e.g., a regular Company License), customers can delete project data from the Remotion Dashboard themselves. Billing information cannot be deleted that way and must be handled by the Remotion support team. Customers can also request the full deletion of their remotion.pro account and associated data by contacting support.

Can a particular individual's data be isolated and deleted?

Answer: Users can request access to, correction of, or deletion of personal data processed by Remotion, subject to legal obligations and legitimate business needs such as tax, accounting, or legal-claims retention. Customer application data and rendered media remain in the customer's own infrastructure and must be handled by the customer.

Can personal data be changed after it is input?

Answer: Users may verify and request correction of personal data processed by Remotion. Some records, such as billing or tax records, may need to be retained or handled through support rather than changed directly in the dashboard.

Can users receive a copy of their personal information?

Answer: Users have the right to receive a copy of personal data processed by Remotion where applicable and possible, in a structured, commonly used, machine-readable format. Requests can be made through Remotion support.

Available Plans and Features

What subscription plans are available?

Answer: Plans are Free License, Company License, and Enterprise License. Company License options are Remotion for Automators ($0.01 per render, $100/month minimum) and Remotion for Creators ($25 per seat/month, no minimum). Enterprise License has a $500/month minimum spend.

What features are included in each plan, especially related to security, governance, and enterprise controls?

Answer: All license tiers use the same core Remotion software. Because Remotion is self-hosted, governance and security controls (such as role-based access to rendering pipelines) are implemented in your own infrastructure. Enterprise adds contractual flexibility (custom terms), support during onboarding/compliance, an optional private support channel, and prioritized feature-request evaluation.

Legal and Governing Terms

Which terms and conditions govern use of Remotion?

Answer: Remotion's Terms and Conditions govern use of the Remotion Software and related services: https://www.remotion.pro/terms

Is there a separate End-User License Agreement for end users of this service?

Answer: No separate EULA is required for end users of the customer's application. The Remotion Software license is governed by Remotion's Terms and Conditions. Customers remain responsible for the terms governing their own products and end users.

What order forms are necessary to procure Remotion licenses or seats?

Answer: Company licenses can be configured and purchased through the Remotion licensing flow and Remotion Dashboard. Enterprise customers can contact hi@remotion.dev for custom terms and procurement requirements.

Accessibility and Sustainability

What has Remotion done to make its product accessible and inclusive?

Answer: Remotion maintains an accessibility statement for remotion.pro at https://remotion.pro/accessibility. The statement describes the current conformance status, known limitations, audit methodology, and accessibility feedback process.

Does Remotion have an external accessibility report?

Answer: The VPAT 2.5Rev is available as a direct PDF download from https://remotion.pro/accessibility. The full RGAA audit report is available on request at hi@remotion.dev.

How does Remotion ensure releases meet accessibility standards?

Answer: remotion.pro is assessed against WCAG 2.1 Level AA and RGAA 4.1.2. The accessibility statement documents manual audit methodology and automated scanning with axe-core integrated into the end-to-end test suite.

What actions does Remotion take to protect the environment or reduce its carbon footprint?

Answer: Remotion does not currently have formal corporate environmental policies or carbon-reduction initiatives. The core Remotion product runs in customer-managed infrastructure, so the environmental impact of rendering workloads depends primarily on each customer's deployment and cloud-provider choices. remotion.pro is limited to licensing, billing, and usage insights.