// Trust & Security Report

    OpusClip (Opusclip Inc.) logo

    OpusClip (Opusclip Inc.)

    AI video clipping, repurposing, and editing platform (web app + API)

    Certifications held

    3

    Maturity

    Growth

    Trains on your data

    Yes

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type 2
    HELD

    Compliance ... SOC 2 Type 2 ... Request

    Verify on trust.opus.pro
    SOC 3
    HELD

    Compliance ... SOC 3 ... Request

    Verify on trust.opus.pro
    GDPR
    HELD

    Compliance ... GDPR ... Subprocessors. Privacy policy: 'Purpose and Legal Basis for Processing according to the GDPR' and 'We enter into Data Protection Agreements with all of our sub-processors'.

    Verify on trust.opus.pro
    > Show 2 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    Not mentioned anywhere in the trust center or compliance list.

    source: trust.opus.pro
    HIPAA
    NOT CONFIRMED

    Not mentioned in the trust center or compliance list.

    source: trust.opus.pro

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Offered

    Data region

    United States (Google Cloud)

    OpusClip uses personal data for AI research and model development. It is opt-out, not opt-in: 'If you are based in the European Union or European Economic Area, you are free to opt out of any use of your personal data for our AI research and model-development activities.' The policy frames an 'Opt-Out & Right to Object to AI Research and Development' section and an opt-out path: 'Send an e-mail to contact@opus.pro with the subject line AI R&D – Opt-Out.' The explicit opt-out right is articulated for EU/EEA users; default-on processing is implied for other regions. Subprocessor list includes OpenAI, so user content may flow to a third-party model provider.

    // Security controls

    Continuous monitoring

    Continuously monitored by Secureframe

    trust.opus.pro

    Third-party penetration testing

    A 3rd party is engaged to conduct a network and application penetration test of the production environment at least annually

    trust.opus.pro

    Vulnerability scanning

    Vulnerability scanning is performed on production infrastructure systems, and identified deficiencies are remediated on a timely basis

    trust.opus.pro

    Encryption

    An Encryption and Key Management Policy supports the secure encryption and decryption of app secrets, and governs the use of cryptographic controls

    trust.opus.pro

    Access control

    Access to Product is Restricted; Access Control and Termination Policy; Production Data Use is Restricted

    trust.opus.pro

    Incident response

    Incident Response Plan with tracking and annual plan testing

    trust.opus.pro

    Business continuity / DR

    Business Continuity and Disaster Recovery Policy with periodic testing and uptime/availability monitoring

    trust.opus.pro

    Bug bounty

    No public bug-bounty program (HackerOne/Bugcrowd) found; security contact is infosec@opus.pro for disclosures

    trust.opus.pro

    Key subprocessors

    Google, OpenAI, Stripe, GitHub, Intercom, MongoDB, Redis, WorkOS, Cloudflare

    trust.opus.pro

    // Products & data scope

    OpusClip Web App (Free / Pro)Consumer/creator AI video clipping

    data: User-uploaded videos or linked videos (YouTube, Drive, Vimeo, Zoom, etc.), account data, usage data. Processed on US Google Cloud. Subject to opt-out AI R&D use.

    Core self-serve product used by 16M+ creators. AI clipping, captioning, reframe, B-roll, audio enhance, voice-over.

    OpusClip for TeamsTeam/business collaboration

    data: Shared team workspace content, brand templates, member accounts. Same US data region and security controls.

    Team workspace, brand templates, collaboration. Same SOC 2 / Secureframe-monitored posture as the platform.

    OpusClip API / Workflow IntegrationDeveloper / automation

    data: Programmatic video inputs and CMS integration data; same subprocessor and US-region scope.

    API for integrating clipping into customer CMS/workflow automation. Enterprise-relevant integration path; DPA available via subprocessor coverage.

    Agent OpusAgentic AI video workflow (newer offering)

    data: Not separately documented in trust center; assume same platform scope.

    Newer agent product surfaced in nav; distinct data scope not separately published.

    // What to watch

    • AI training on user data is opt-out (default-on), not opt-in; explicit opt-out right is articulated for EU/EEA users, with default processing implied elsewhere. Opt-out requires emailing contact@opus.pro.
    • Uploaded/linked customer video content can be processed by third-party model providers (OpenAI is a listed subprocessor).
    • SOC 2 Type 2 and SOC 3 reports are gated behind a request form, not publicly downloadable; cannot independently confirm report scope/period without requesting.
    • No ISO 27001 or HIPAA; not suitable for regulated health/PHI workloads.
    • No public bug-bounty program; single US data region only.
    • Cookie consent banner shows broad ad/marketing/analytics data sharing with third parties on the marketing site.

    // At a glance

    Pricing model

    Freemium SaaS (Free tier + paid Pro/Business/Teams subscriptions) with API access

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on OpusClip (Opusclip Inc.)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.opus.pro

    > Browse all vendor trust reports