3Play Media offers premium closed captioning, live auto-captioning, audio description, transcription, and subtitling solutions at competitive prices. We provide a user-friendly account system, fast turnaround, flexible APIs, and integrations with a multitude of video players, platforms, and lecture capture systems.
Our commitment to innovation has led to 7 patents (granted and pending)–all of which focus on making the captioning, audio description, subtitling, and transcription process more efficient and less expensive.
We believe that accessibility matters and that the impact of accessibility is universal.
We aim to help create a more accessible web by providing services and resources that support video accessibility across websites, apps, and other digital interfaces.
Accessibility is about creating in a manner that is inclusive of all people, with and without disabilities, and providing an equal experience without barriers.
All data is encrypted at rest, in backups, and in transit using SSL protocols.
Countries of data storage
All 3Play Media data resides in the United States in either an AWS (Virginia, Ohio, or Oregon) or an IBM Cloud (Texas) data center.
Data storage method
Online application data is stored in a MySQL database replica set at Amazon Web Services (AWS) data centers. Online transcript data is stored in a MongoDB replica set housed in an IBM Cloud data center in Dallas, Texas. Audio and video data is stored in AWS S3, encrypted at rest with AES-256, under separate authentication credentials.
Data retention policy
Customers may request that we purge any and all video, audio, streaming, and/or transcript data1 from our system at any time after the services have been completed. 3Play also supports periodic purging of this data on a customer specified schedule. We maintain all metadata for customer assets in our MySQL database, as this is required for billing.
In the event that a customer is required to preserve user data in connection with a court order, litigation hold, or preservation order, we immediately will initiate all policies and procedures necessary to allow the customer to satisfy such obligations.
Incident management program, policy, and testing
When code is updated, it is reviewed for potential vulnerabilities, either in the code itself or its transitive dependencies. We similarly scan Docker images using AWS ECR’s scanner. And we commission an annual penetration test and infrastructure review by experienced third-party security consultants.
Disaster recovery and business continuity plan and testing
In the unlikely event that a catastrophic failure causes the 3Play production system to be inaccessible for a significant period of time, the latest version of the 3Play Media Business Continuity and Disaster Recovery Plan shall be followed. This documented procedure is designed to return the 3Play application and service to partial functionality within 30 minutes and to nearly full functionality within 120 minutes. In all cases, data loss will be minimized to encompass only the several second (max) sync delay between the production system and disaster recovery system. The disaster recovery system shall always be housed in a different AWS geographic region than the main production system.
These procedures are tested and updated as needed by 3Play development staff. Note also that the above document contains configuration requirements, procedures, and operational standards for overall system robustness and high service availability, even under normal (non-disaster) conditions. All 3Play executives, directors, and development staff should be familiar with the contents of that document.
Security Standard Certificates
HIPAA, GDPR, CCPA (pending in 2021), Harmonized with ISO 27K
Third party testing and security controls practices
3Play’s infosec controls are regularly reviewed, evaluated, and audited through continuous internal review and internal audits, by participating in the CyberGRX cyber risk management program, commissioning a penetration test (“pentest”) from an experienced third-party provider on an annual basis, and by acquiring and reviewing SOC reports from our leading providers.
Presently the 3Play Media Chief of Research and Development has this security policy Owner role, and is considered the Chief (Information) Security Officer (CSO/CISO). If the security policy Owner is unavailable for any urgent matter (e.g. a suspected security breach), either the Director of Engineering or the Lead DevOps Engineer may assume the role (“Backups”).
Types of data collected
We may collect the following information about you:
Contact and billing information.
IP address and device ID.
Information about your computer hardware and software, such as computer type and screen resolution.
Web page analytics and usage information
Data submitted by you through a survey.
Some of this information, including the IP address, is stored in our log files along with the date and time.
Personally identifiable or personal data collected
3Play stores in our database the email addresses entered by users, the mailing address and telephone numbers entered by billing contacts, and the IP addresses of users interacting with our system. These data are required for the fulfillment of our services. All of these data are encrypted at rest, in backups, and in transit using TLS protocols. 3Play does not store credit card information. Any credit card information is forwarded to our payments processor, Braintree.
Data Deletion Request Process
You may request, and we will provide you with, information about whether we hold any of your personal information. You may request access to, or correction or deletion of your personal information, by contacting us at firstname.lastname@example.org. We will respond to your request within a reasonable timeframe.
Third Party Data Sharing & Opt-out
We may share your information in the following ways:
With third-party service providers we use to support our business. These parties include third parties providing us with services such as website hosting, data analysis, infrastructure provision, IT services, customer service, analytics and email delivery services. These third parties are authorized to use information only to the extent necessary to provide these services to us.
With our current affiliates and any future corporate subsidiaries or affiliates.
With a buyer, investor, new affiliate or other third party in the event that 3Play Media, or any portion, group or business unit thereof, undergoes a business transition, such as a merger or acquisition, or during steps in contemplation of such activities.
With third parties for marketing, advertising, promotions, contests or other similar purposes. If required by applicable law, we will share such data for advertising and marketing purposes only in an aggregate, anonymous and de-identified manner.
To comply with any law or directive, judicial or administrative order, legal process or investigation, warrant, subpoena, law enforcement or national security investigation, or as otherwise required or authorized by law; to respond to requests from public and government authorities, including public and government authorities outside the country of residence; to enforce our policies, terms and conditions; to protect our operations or those of any of our affiliates, customers, partners, agents or others; to protect our rights, privacy, safety or property and/or that of our affiliates, customers, partners, agents and any other person or organization; and/or to permit us to pursue available remedies or limit the damages that we may sustain.
Cookies or Tracking Technologies used
We may use certain persistent first-party cookies to provide the best user experience and remember your preferences with the 3Play Media system. Most Internet browsers have options for controlling, disabling, and deleting cookies on your computer. We may use tracking pixels and other technologies to track when emails have been opened and which links in an email have been clicked. This helps us to measure the performance of our email campaigns and provide you with more targeted information.
Analytics performed on Customer Data
We use Google Analytics to collect and processes information about you and how you interact with the System. You can opt out from Google’s collection of information.
Data correlation practices
Log data from web servers, application components, middleware, and supporting tools is routinely reviewed for development, debugging, and quality assurance purposes. WAF logs may be reviewed on the Barracuda WAF dashboard, or downloaded for more detailed analysis. Some log and associated metrics are ingested into the Datadog observability service for easier querying, correlation, and alerting. Other analysis tools in use include the AWS GuardDuty dashboard and AWS Athena.
Privacy Certifications or Seals
HIPAA, GDPR, CCPA (pending in 2021), Harmonized with ISO 27K
Targeted Advertising using user data
Privacy or data protection impact assessments
We use multiple mechanisms to detect and identify weaknesses, including dual intrusion detection and prevention systems (IDPSs), AWS GuardDuty and Alert Logic Essentials, that review network and environmental conditions and configurations on a continuous basis. We have multiple SAST (Static Application Security Test) and software analysis/code quality tools including Brakeman, Dependabot, ESLint, and RuboCop embedded into our continuous integration (CI) pipeline.
Privacy Law Compliance
Our lawful bases for the processing of personal data are: (i) consent and/or (ii) any other applicable lawful bases, such as our legitimate interest in engaging in commerce, offering products and services of value to the users of the Site, preventing fraud, ensuring information and network security, marketing and complying with industry practices.