// Trust & Security Report
OpusClip (Opusclip Inc.)
AI video clipping, repurposing, and editing platform (web app + API)
Certifications held
3
Maturity
Growth
Trains on your data
Yes
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on trust.opus.pro“Compliance ... GDPR ... Subprocessors. Privacy policy: 'Purpose and Legal Basis for Processing according to the GDPR' and 'We enter into Data Protection Agreements with all of our sub-processors'.”
> Show 2 unconfirmed / not-held certifications
source: trust.opus.proNot mentioned anywhere in the trust center or compliance list.
// Privacy & AI training
Trains on customer data
Yes
Data processing agreement
Offered
Data region
United States (Google Cloud)
OpusClip uses personal data for AI research and model development. It is opt-out, not opt-in: 'If you are based in the European Union or European Economic Area, you are free to opt out of any use of your personal data for our AI research and model-development activities.' The policy frames an 'Opt-Out & Right to Object to AI Research and Development' section and an opt-out path: 'Send an e-mail to contact@opus.pro with the subject line AI R&D – Opt-Out.' The explicit opt-out right is articulated for EU/EEA users; default-on processing is implied for other regions. Subprocessor list includes OpenAI, so user content may flow to a third-party model provider.
// Security controls
Third-party penetration testing
A 3rd party is engaged to conduct a network and application penetration test of the production environment at least annually
trust.opus.proVulnerability scanning
Vulnerability scanning is performed on production infrastructure systems, and identified deficiencies are remediated on a timely basis
trust.opus.proEncryption
An Encryption and Key Management Policy supports the secure encryption and decryption of app secrets, and governs the use of cryptographic controls
trust.opus.proAccess control
Access to Product is Restricted; Access Control and Termination Policy; Production Data Use is Restricted
trust.opus.proBusiness continuity / DR
Business Continuity and Disaster Recovery Policy with periodic testing and uptime/availability monitoring
trust.opus.proBug bounty
No public bug-bounty program (HackerOne/Bugcrowd) found; security contact is infosec@opus.pro for disclosures
trust.opus.proKey subprocessors
Google, OpenAI, Stripe, GitHub, Intercom, MongoDB, Redis, WorkOS, Cloudflare
trust.opus.pro// Products & data scope
data: User-uploaded videos or linked videos (YouTube, Drive, Vimeo, Zoom, etc.), account data, usage data. Processed on US Google Cloud. Subject to opt-out AI R&D use.
Core self-serve product used by 16M+ creators. AI clipping, captioning, reframe, B-roll, audio enhance, voice-over.
data: Shared team workspace content, brand templates, member accounts. Same US data region and security controls.
Team workspace, brand templates, collaboration. Same SOC 2 / Secureframe-monitored posture as the platform.
data: Programmatic video inputs and CMS integration data; same subprocessor and US-region scope.
API for integrating clipping into customer CMS/workflow automation. Enterprise-relevant integration path; DPA available via subprocessor coverage.
data: Not separately documented in trust center; assume same platform scope.
Newer agent product surfaced in nav; distinct data scope not separately published.
// What to watch
- AI training on user data is opt-out (default-on), not opt-in; explicit opt-out right is articulated for EU/EEA users, with default processing implied elsewhere. Opt-out requires emailing contact@opus.pro.
- Uploaded/linked customer video content can be processed by third-party model providers (OpenAI is a listed subprocessor).
- SOC 2 Type 2 and SOC 3 reports are gated behind a request form, not publicly downloadable; cannot independently confirm report scope/period without requesting.
- No ISO 27001 or HIPAA; not suitable for regulated health/PHI workloads.
- No public bug-bounty program; single US data region only.
- Cookie consent banner shows broad ad/marketing/analytics data sharing with third parties on the marketing site.
// At a glance
Pricing model
Freemium SaaS (Free tier + paid Pro/Business/Teams subscriptions) with API access
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on OpusClip (Opusclip Inc.)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.opus.pro