Trusted by award-winning studios

Our security promise

Protecting the data that you entrust to us is of critical importance. We are 100% committed to eradicating threats to your data and to remaining vigilant in an ever-evolving landscape. We set only the highest standards for ourselves when it comes to the protection of your data. Rest assured that we will always take security very seriously as we strive to merit the trust that you have placed in us.

Download the ftrack security white paper


By clicking Send you agree to our Privacy Policy.

We build ftrack and cineSync to ensure security from the ground up. TPN compliance, third-party cybersecurity audits, and rigorous in-house security ensure that we protect your content, however we develop the platform.

Product security

From design to release, we check and double check everything.

Learn more

Audits & compliance

TPN compliance, Bishop Fox cybersecurity audits, and more.

Learn more

Security features

New features added regularly, from 2FA and passphrases to SSO.

Learn more

Award-winning

Learn more about the Oscar and Emmy-winning cineSync.

Learn more

Tom Box

Co-founder & Executive Producer, Blue Zoo

“Rather than having to hunt artists down to query them about what status an asset is in, all of that information is securely held in one central location with no ambiguity.”

Security resources

Secure remote workflows

Learn more

Passphrase protection

Learn more

Two-factor authentication

Learn more

Security on the cloud

ftrack’s servers run on Google Cloud Platform – which provides a strong base of security from step one – and files are stored on Amazon S3 storage.

We’ve built on top of this foundation with a number of features designed to keep your content safe. Firewalls and AES-256 data encryption at rest are just the start. Product features like single sign-on and 2FA further reinforce your account from threat.

Rest assured that, even when working in the cloud, your content remains safe.

ftrack product security

From design to release, there is no step of the ftrack product lifecycle that doesn’t undergo rigorous security checks.

The conversation starts as soon as we conceive any new feature. We identify risks early on, integrate tools to detect vulnerabilities, and perform penetration testing to ensure every step we take keeps your content secure.

When we release new builds, multiple authorization and permission tests (both white- and black-box testing) run automatically. If we make changes to the application source code, they’re logged and reviewed by two developers at minimum to ensure absolute security.

User authentication

The only people using your ftrack instance will be those with permission.

ftrack supports authentication using LDAP/AD/Google/SAML accounts or native ftrack accounts. API access requires the user to provide a personal API key, and all requests to access files on the server are signed using an HMAC-SHA256 algorithm supplied by AWS. Once authenticated, a user’s role dictates what they can and cannot do within the product.

We make sure these processes remain robustly secure via vulnerability checks and simulated penetration attacks on our outward-facing services. These tests include third-party audits by independent security evaluators Bishop Fox.

Security features in ftrack

We build ftrack around security. While we introduce many new features designed to enhance and optimize workflows, we simultaneously develop and release features to keep these workflows safe and bolster the security of your studio’s content.

We regularly implement features such as SAML-based single sign-on, private projects, and two-factor authentication to keep our users confident that their work stays secure.

We continually review and update our security feature-set, so expect more to come from ftrack in the months ahead.

Some of our security processes

Here’s a quick look at some of the processes we have in place at ftrack HQ to keep your work locked up and safe.

  • Audits: Security assessments carried out on a regular basis by independent third-party security experts, Bishop Fox.
  • Compliance: Compliant with the MPA and CDSA’s Trusted Partner Network; the media and entertainment industry’s leading security authority.
  • Incident management: Tracking, monitoring, and analysis of all incidents to ensure non-repetition.
  • Vulnerability scanning: Simulated attacks and network, cloud, and application penetration tests by independent security evaluators.
  • Change control: Application source code changes reviewed by two developers at minimum.
  • System backup: All data regularly backed up on Amazon S3 to ensure maximum redundancy. Backups are encrypted at rest using AES-256.

cineSync security

The Academy Award- and Emmy-winning cineSync was created by industry veterans to cater to the needs of contemporary creative studios. It combines security with the quality and flexibility required of production today.

cineSync does not store media, and no media file ever passes through our servers. The only information transferred during a session are sync commands – and they’re 256-bit encrypted. It’s why the world’s largest studios trust us with their content.

Internal security at ftrack HQ

Security at ftrack extends beyond our product. It’s a part of everything we do. Here are some of the ways we stay secure at the ftrack office.

  • 2FA on all company accounts
  • Firewall, antivirus software, and disk encryption for all employees
  • Regular security briefs
  • Annual security awareness training
  • Encrypted digital keys
  • Strict confidentiality agreements