Security and Compliance for Personalized Video at Scale

When you use personalized video to communicate important information—whether to customers, employees, partners, or members—you’re not just delivering content.

You’re handling sensitive data, high-stakes messaging, and trust.

That’s why security at Pirsonal is not treated as a feature. It’s part of how the platform is built, how campaigns are delivered, and how we support your team from day one.

This page explains how Pirsonal approaches security, compliance, and data protection—so you can confidently evaluate whether it fits your requirements.

Is Pirsonal secure and compliant for enterprise use?

Yes.

Pirsonal operates under an Information Security Management System aligned with ISO/IEC 27001:2023, and is designed to support organizations that need:

• Secure handling of personalized data
• Controlled access and delivery
• Compliance with regulations such as GDPR
• Flexible infrastructure aligned with internal IT policies

It combines technical safeguards, operational processes, and hands-on support—so your team can move forward without unnecessary risk or complexity.

Why security matters more in personalized video

Personalized video often involves:

• Customer or employee data
• Financial or contractual information
• Performance or impact metrics
• Individually tailored messaging

In many cases, these videos are used in critical moments, such as:

• Customer onboarding
• Financial communications
• Employee benefits or compensation updates
• Renewal or retention campaigns
• Member or stakeholder reporting

These are not “nice-to-have” messages.
They are moments where understanding and action matter.

And that means your security approach must be clear, defensible, and aligned with your internal standards.

Security foundations: how Pirsonal is built

Pirsonal’s approach to security combines infrastructure, access control, data protection, and operational governance.

Information Security Management (ISO 27001-aligned)

Pirsonal maintains an Information Security Management System (ISMS) aligned with ISO/IEC 27001:2023, focused on:

• Risk management and continuous improvement
• Documented policies and procedures
• Defined roles and responsibilities
• Ongoing monitoring and review

This provides a structured foundation to manage security across the organization and platform.

Access control and identity management

Access to systems and data is controlled using clear principles:

• Role-based access control (RBAC)
• Least-privilege access enforcement
• Approval-based access provisioning
• Immediate revocation upon role change or termination

Additional protections include:

• Multi-factor authentication (MFA) for critical systems
• Restricted access to production environments
• Periodic access reviews

This ensures that only the right people can access the right data—at the right time.

Infrastructure and hosting

Infrastructure and Hosting

By default:

• Media storage (videos, images, audio files) is hosted on Microsoft Azure, leveraging secure, enterprise-grade cloud infrastructure.
• Pirsonal applications and databases are hosted on dedicated infrastructure managed by Pirsonal, with support from trusted infrastructure partners (as detailed in our subprocessor list).
• Data residency options include:
  • European Union (EU)
  • United States (US)

For organizations with stricter requirements:

• Custom hosting is supported via:
  • AWS S3
  • Azure Blob Storage

Additional capabilities include:

• CDN-based delivery for global performance
• Scalable infrastructure for high-volume campaigns

Data protection and privacy

Pirsonal is built to support GDPR-aligned data handling and enterprise privacy expectations.

Key principles include:

• Data ownership always remains with the client
• Data is processed only as required for service delivery
• Personal data exposure is minimized through design

Security features include:

• Anonymized URLs and media options
• Password-protected video access
• Controlled access via personalized landing pages
• Secure handling of metadata and user-level information

Encryption

To protect data integrity and confidentiality:

• Data in transit is secured using TLS 1.2 or higher
• Data is handled using industry-standard encryption practices

Control how your data is used, stored, and deleted

One of the most important aspects of compliance is not just protection—but control.

Pirsonal gives you flexibility over how your data behaves across its lifecycle.

Data residency

You can choose where your data is stored:

• European Union (EU)
• United States (US)
• Custom environments upon request

Data lifecycle and retention

Pirsonal supports clear data lifecycle management:

• Data is retained only as long as necessary
• Media files can be automatically deleted after rendering
• Storage duration can be configured based on your needs

Data deletion and control

You can remove data at any time:

• Via API
• Via manual request

This ensures compliance with internal policies and regulatory requirements.

Secure delivery of personalized video

Security doesn’t stop at storage—it extends to how content is delivered.

Pirsonal provides multiple secure delivery options:

• Personalized landing pages powered by anonymized IDs
• Secure, embeddable video player
• Anonymized video links
• Optional password protection

These capabilities allow you to deliver personalized experiences without exposing sensitive information.

Please review our recommended security recommendations for platform users.

Monitoring, logging, and incident response

Monitoring and logging

Pirsonal maintains visibility into system activity through:

• Logging of authentication and access events
• Monitoring for unusual or suspicious behavior
• Alerting mechanisms for anomalies

Incident response

Pirsonal follows structured incident management procedures:

• Incidents are logged and classified by severity
• Defined escalation processes are in place
• Root cause analysis is performed after resolution
• Corrective and preventive actions are tracked

Client notification

If an incident affects client data:

• Clients are notified without undue delay
• GDPR-aligned notification timelines are followed where applicable

Subprocessors and third-party services

Pirsonal works with carefully selected subprocessors to support:

• Infrastructure
• Support services
• Platform operations

Controls include:

• Data Processing Agreements (DPAs) in place
• Security and compliance evaluation of subprocessors
• Periodic review processes

Clients can request the latest subprocessor list at any time.

Business continuity and reliability

To ensure continuity of service:

• Backup procedures are in place and periodically tested
• Recovery processes are documented
• Infrastructure is designed for availability and resilience

This helps ensure that campaigns and communications remain reliable—even under unexpected conditions.

Designed to support procurement and InfoSec reviews

Pirsonal is structured to support common enterprise processes, including:

• Security questionnaires
• Vendor risk assessments
• Procurement and legal reviews

We provide:

• Security overview documentation
• Data Processing Agreement (DPA)
• Subprocessor list
• Infrastructure and hosting details

Additional documentation can be shared under NDA when required.

Security is not just technical—it’s operational

For many teams, the biggest challenge is not just “Is the platform secure?”

It’s:

• “Can we implement this securely?”
• “Will this pass internal review?”
• “Do we have the resources to manage this?”

That’s where Pirsonal is different.

You’re not left alone to figure it out.

• Expert assistance from day one—strategy, setup, and beyond
• Guidance on secure campaign configuration
• Support during InfoSec and procurement processes
• Help aligning your campaign with internal policies

Why teams choose Pirsonal for secure personalized video

Organizations choose Pirsonal when they need:

• A platform that adapts to their infrastructure and policies
• Clear, controllable data handling
• Support during implementation—not just software access
• A solution designed for real-world, high-stakes communication

Because in the end, security is not just about protection.

It’s about enabling your team to communicate clearly, confidently, and responsibly—at scale.