Everything from one shoot

A whole storytelling operation in one place.

Ingest footage, let Cue understand it, then cut, publish, and steward — with a human approving every step.

Explore the product →

Capabilities

Ingest & auto-understandTranscribe, tag, and shot-type every clip
Editroom & ClipsOne shoot into finished cuts and social clips
Storyboard & YouTube PackPlan the shoot, publish the upload
Donor Snacks & StoryBoostSteward givers, amplify what moves people
Benchmarks~5,000 nonprofit channels, tracked daily
Cue · MCP + API

Your whole story library, readable by AI agents.

StoryOS exposes an open Model Context Protocol surface, so the tools your team already uses can read and act on the story graph — human-approval gates intact.

CCueClaudeChatGPTGeminiCursor

Trust & security

Security built for sensitive stories.

Mission-driven organizations trust StoryOS with footage of real people in real places. We protect it with encryption, strict access controls, and clear commitments about how AI touches your content. This page lays out exactly how.

How your data is protected

The controls below apply to every organization on StoryOS, on infrastructure that is independently audited to SOC 2 Type II.

Encryption everywhere

Your data is encrypted in transit with TLS 1.2+ and at rest with AES-256 across our infrastructure. For enterprise customers that require it, we can apply field-level encryption to specific sensitive fields.

Tenant isolation

Each organization's data is isolated by a permission layer enforced in our application code. Every request passes a role and resource-scope check before any query runs, and denied attempts are written to an audit log.

MFA and least privilege

Multi-factor authentication is required on every account that can reach production or customer data. Internal access follows least privilege and is reviewed regularly.

Tested backups

Our database supports continuous point-in-time recovery, and we test the restore process so a recovery works when it is needed.

A documented security program

We maintain a written information-security policy, a data-classification scheme, and an incident-response plan with a 48-hour breach-notification commitment.

Vendor diligence

Every infrastructure provider we rely on maintains SOC 2 Type II, each bound by a data-processing agreement.

Our AI commitments

AI makes your archive searchable and helps draft. These commitments are structural — they apply to every account and every piece of content.

Your content is never used to train AI models

We use providers' enterprise API tiers, whose terms prohibit training on customer content, and we lock this in by contract.

US-hosted models only

All AI inference runs on Google Gemini in the United States. We use no Chinese-hosted models — this is a hard rule across the entire stack.

Real footage

Source footage and anything presented as documentary content is always real. AI-generated imagery is limited to thumbnail graphics.

Human approval on every narrative surface

AI proposes and drafts. A person approves before anything reaches a client, donor, or audience. The suggest-and-approve gate is built into the platform itself.

AI logs exclude your content

We log the model, token counts, and cost of each AI call. We do not store the content of AI outputs.

Infrastructure & subprocessors

We build on a small set of providers, each maintaining SOC 2 Type II and each bound by a data-processing agreement. We notify customers at least 30 days before adding or changing a subprocessor.

Where we stand on compliance

We are direct about what is in place today and what is on our roadmap.

SOC 2

Our infrastructure providers maintain SOC 2 Type II, so those controls are inherited today. Our own SOC 2 program is on a phased roadmap — Type I, then Type II — which we begin when an enterprise engagement requires it. We will state it as in progress and will not claim certification until an independent auditor has issued a report.

Data processing

We provide a standard Data Processing Addendum for customers to review and sign, with EU Standard Contractual Clauses where relevant. We execute back-to-back DPAs with each subprocessor so our commitments flow through to every provider.

Data residency

Our platform processes data in the United States by default. Enterprise deployments can keep your data in your own cloud region.

Incident response

We follow a documented incident-response runbook and notify affected customers of a personal-data breach without undue delay and within 48 hours of becoming aware.

Enterprise

Your cloud, your keys

For enterprise deployments, we provision a data lake in your own cloud account. Your media and audit logs stay in your account, encrypted under a key you hold, with an audit trail you control and the ability to revoke our access at any time. Your security team reviews and approves the design before anything is provisioned.

Talk to us about security

Security questions, a vendor review, or our Data Processing Addendum — reach us directly. Our DPA and subprocessor list are available on request.