Security Risk & Privacy
at Twelve Labs

Governance

Twelve Labs establishes policies and controls, monitors compliance with those controls, and proves our security and compliance to third-party auditors.

Foundational security and privacy principles

  1. Identity and least privilege: Access to data and resources should be attributed to an identity, limited to those with a legitimate business need, and granted based on the principle of least privilege.
  2. Defense in depth: Apply multiple layers of security controls.
  3. Protect data in transit and at rest: Always protect data in transit and at rest from unauthorized access and/or modification.
  4. Landscape evolution: Security controls should be continuously revised and improved to keep up with the ever-evolving threat landscape.

Data protection

Twelve Labs encrypts and protects sensitive information across the transformation and analysis process.

  • Data in Transit - TLS 1.2 or higher for any data exchange over insecure networks.
  • Data at Rest - All data storage is encrypted at rest with AES 256-bit encryption at minimum.

Access management & authentication

Twelve Labs’ platform provides full control of access to all hosted information.

  • Account Authentication: Enforce advanced authentication methods, using multi-factor authentication wherever possible.
  • Granular Access Control and Review: Role-based access, visibility and user access rights. Regular access review and analysis.
  • Audit and Access Logging: Detailed tracking and audit logging of all activities related to the application environment and administrative activity.

Software development practices

Security processes have been integrated into the Twelve Labs software development processes.

  • OWASP based security controls design
  • Separation between dev, staging, and prod
  • Use of test data in development environment
  • Code peer review
  • Penetration testing
  • Code repository controls
  • Threat modeling
  • Deployment control

Infrastructure security

Twelve Labs leverages Amazon Web Services (AWS) and we utilize hardening practices from the Center for Internet Security (CIS) Benchmarks for the platform configuration.

  • Network intrusion detection
  • Code vulnerability scanning
  • Penetration testing
  • System, network, application log analysis, reporting, and retention

Incident response planning and a team are in place to triage and respond to any significant security event, in order to establish system resiliency, minimize impact, and protect customer data.

Security awareness training

Twelve Labs' security awareness training program educates employees on various security threats, risks, and preventive measures. It aims to empower our team members with the knowledge and skills needed to identify and mitigate security issues effectively.

Regular third-party security

  • TwelveLabs identifies and evaluates security risks of vendors and third parties. Risk evaluation covers:
    - Access control to customer and corporate data
    - Integration with production environments
  • Third-party agreements: TwelveLabs has written agreements in place with vendors and related third-parties. These agreements include confidentiality and privacy commitments applicable to that entity.

Helpful links

Twelve Labs Privacy Policy - https://twelvelabs.io/privacy

For any additional questions please feel free to reach out to us at security@twelvelabs.io