Every AI feature in a storage product is also a new party with eyes on your footage. When a tool transcribes a rough cut, tags faces, or builds a semantic index, the bytes have to be read by something, and that something is often not your storage vendor. It is a model running somewhere else, under terms you did not sign. If you are holding embargoed footage under an NDA, that quiet handoff is the part that should keep you up at night, not the slick natural-language search bar on top of it.
I run an open-source mount layer, so I have a dog in the broader storage fight. But this post is not about that. It is about a narrow, practical question that every editor and post supervisor now has to answer: when you turn on AI search, who actually gets to see the unreleased material, and does your contract allow it?
AI features redraw the trust boundary
A trust boundary is just the edge of the circle of people and systems allowed to touch the footage. Your NDA defines that circle. The director is inside it. The colorist you hired is inside it. The general public is very much outside it. The trouble with cloud AI features is that they can move a third party from outside the circle to inside it without anyone signing anything new.
Here is the mechanism in plain terms. Many platforms do not build their own vision and speech models. They send your media to a specialist. iconik, for example, takes an API-first approach and plugs into best-of-breed engines like Google Video AI and Amazon Rekognition rather than running everything in-house (iconik AI documentation, checked Jun 2026). That is an honest, flexible design. It also means that when you auto-tag a clip, a copy of that clip, or at least a low-resolution proxy of it, leaves the platform you bought and lands at a company you may never have evaluated. iconik even recommends proxy-based workflows to cut egress charges, which is sensible for cost but does not change the confidentiality question: a recognizable version of the footage still travels.
The analogy I use with clients: hiring a storage vendor with embedded cloud AI is like hiring a contractor who quietly subcontracts the electrical work. The contractor is bonded and you trust them. But the electrician who actually shows up at the house is someone you never met, and your agreement with the contractor is the only thing standing between that stranger and your living room.
A retention promise is only as good as the next court order
Vendors will reassure you that the AI provider does not train on your data and deletes it quickly. Those promises are real and worth having. They are also conditional in ways the marketing page does not spell out.
The clearest illustration is the OpenAI litigation. In May 2025, a federal magistrate in the New York Times copyright case issued a preservation order forcing OpenAI to retain ChatGPT and API logs that its own policy would normally have deleted after 30 days. By November 2025 the court had ordered OpenAI to produce 20 million de-identified chat logs to the plaintiffs (NYT v. OpenAI docket coverage, Bloomberg Law and OpenAI's own statement, checked Jun 2026). A standing "we delete in 30 days" policy was overridden by a judge. The footage you assumed was gone was not gone.
The detail that matters most for post production is which accounts were exempt. The preservation order carved out ChatGPT Enterprise, Edu, and any API customer operating under a negotiated Zero Data Retention agreement. Standard pay-as-you-go API usage was swept in. So the tier of agreement your AI subprocessor sits on is not a billing footnote; it is the line between footage that can be preserved by court order and footage that genuinely never persists. Zero Data Retention is not the default. It requires a negotiated enterprise contract, and it is not offered on standard plans (OpenAI and Anthropic enterprise terms, checked Jun 2026).
Read what your NDA actually says about AI
The contract side has moved faster than most editors realize. Confidentiality agreements drafted in 2026 increasingly carry explicit AI clauses. The common pattern: a prohibition on uploading confidential material into public or open-source AI tools, a ban on any service that retains inputs or uses them for model training, and a carve-out permitting only enterprise-grade or closed-environment AI systems (law-firm guidance on AI clauses in NDAs, KJK and Avantia, checked Jun 2026).
Read that against how cloud media AI works and the conflict is obvious. If your NDA forbids transmitting confidential material to a third party outside its scope, and your storage tool ships proxies to Google or AWS for tagging, you may be in breach the moment you enable the feature, even though you never opened a chatbot. The act that violates the agreement is automated and invisible. Lawyers writing about this make the point bluntly: pasting a confidential document into a public AI tool can transmit it to a provider outside the NDA, and the same logic applies to footage moving through an indexing pipeline (Sapience Law and Outside GC, checked Jun 2026).
Three questions to ask before you switch anything on:
- Who is the subprocessor? Get the named list. A vendor that cannot tell you which AI company sees your footage cannot tell you whether your NDA permits it.
- What retention tier are you on? Zero Data Retention or nothing, for embargoed work. A 30-day deletion promise is a 30-day window of exposure plus whatever a court later compels.
- Does your client allow it at all? Some studios prohibit cloud AI on unreleased assets. The honest answer may be that the feature has to stay off until release.
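An added example, not from the original post: one way to check the answer to the first question against what your machines actually do is to compare outbound connections with the approved subprocessor list. The log format, host names and byte counts below are constructed, and the check only sees calls made from your own network; a handoff performed inside the vendor's cloud will not appear in it.

```python
import re
from collections import defaultdict

# Public API hosts for the AI services named in this post.
# Extend this table with whatever your vendor's subprocessor list names.
AI_ENDPOINTS = {
    "Google Video AI": re.compile(r"^videointelligence\.googleapis\.com$"),
    "Amazon Rekognition": re.compile(r"^rekognition\.[a-z0-9-]+\.amazonaws\.com$"),
    "OpenAI API": re.compile(r"^api\.openai\.com$"),
}

# Constructed sample records: "<timestamp> <source-host> <dest-host> <bytes-sent>"
SAMPLE_LOG = """\
2026-06-02T09:14:07Z edit-bay-03 nas01.studio.internal 73400320
2026-06-02T09:14:31Z edit-bay-03 rekognition.us-east-1.amazonaws.com 18874368
2026-06-02T09:15:02Z ingest-01 videointelligence.googleapis.com 52428800
2026-06-02T09:15:40Z edit-bay-03 rekognition.us-east-1.amazonaws.com 4194304
malformed line
2026-06-02T09:16:11Z ingest-01 api.openai.com 2048
"""


def classify(host):
    """Return the AI service a destination host belongs to, or None."""
    host = host.lower().rstrip(".")
    for service, pattern in AI_ENDPOINTS.items():
        if pattern.match(host):
            return service
    return None


def audit_egress(log_text, approved_services):
    """Return {(source, service): total_bytes} for AI endpoints not approved."""
    findings = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records instead of failing the audit
        _, source, dest, sent = parts
        service = classify(dest)
        if service and service not in approved_services:
            findings[(source, service)] += int(sent)
    return dict(findings)


if __name__ == "__main__":
    approved = {"Google Video AI"}  # assumed: the only subprocessor the NDA permits
    for (src, svc), total in sorted(audit_egress(SAMPLE_LOG, approved).items()):
        print(f"{src} -> {svc}: {total} bytes sent to a service not on the approved list")
```
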
Where TPN fits, and where it stops
If you work with major studios or streamers, the Trusted Partner Network is the shorthand for "we take content security seriously." TPN is the Motion Picture Association's vendor assessment program, and a Gold Shield is valid for two years with a full re-audit every 24 months and an interim Blue Shield check at 12 months (TPN program documentation, checked Jun 2026). Most major studios now list TPN status as a contractual requirement for vendors handling high-value content.
Several media storage tools have done the work. Shade holds SOC 2 Type II, ISO 27001, HIPAA, and TPN alongside its AI tagging and transcription (shade.inc, certifications dated May 2025, checked Jun 2026). SuiteStudios announced TPN certification on December 4, 2024 (SuiteStudios blog, checked Jun 2026). That is genuinely meaningful, and I credit it.
But a certification answers "is this vendor's security program sound," not "does my specific NDA permit this specific AI handoff." TPN has only recently begun building best practices around AI and machine learning as an emerging risk area. A TPN Gold vendor can still route your footage to a cloud AI subprocessor in a way your client's particular agreement forbids. The badge tells you the company is competent. It does not read your contract for you.
| Processing model | Who sees the footage | The catch for NDA work |
|---|---|---|
| Cloud AI via third-party API (e.g. Google Video AI, Amazon Rekognition) | Your vendor plus the named AI subprocessor and its own subprocessors | A proxy or copy leaves your vendor; retention depends on the AI provider's tier and can be compelled by court order |
| Vendor-operated cloud AI (processed inside the platform) | Your storage vendor only, in their cloud | Fewer parties, but footage still leaves your premises and sits in someone else's data center |
| Local or on-device AI (Whisper, CLIP-class models) | No one outside your network | Lower ceiling on model quality and scale; you supply the compute |
The local option, and where it does not fit
The cleanest way to keep a third party out of the trust boundary is to never send the footage out. Local AI has gotten good enough that this is a real choice, not a compromise. Whisper.cpp handles transcription on a laptop, and CLIP ViT-L/14, the workhorse semantic-search model, produces 768-dimension embeddings per frame entirely on local hardware. One local-first tool, Clipto, reports indexing 2TB of video on an M5 MacBook Pro in about 24 hours, with nothing uploaded (Product Hunt and vendor pages, checked Jun 2026). For embargoed work, "nothing uploaded" is the whole ballgame.
I will be honest about the trade. Cloud providers like Rekognition and Google Video AI still win on breadth: celebrity recognition, vast object vocabularies, multilingual transcription at scale. A local model running on your edit bay will tag fewer things less precisely, and you pay for it in the compute and time you supply yourself. For a public marketing library where nothing is secret, the cloud convenience is often the right call, and I would not pretend otherwise.
This is the one place JuiceMount is genuinely native to the topic, so I will say it once. We keep the search index local to your machine and your NAS, which means the index of what is in your footage never has to leave your trust boundary to be searchable. That is a design choice that suits NDA-heavy work. It is not a fit if you specifically want the depth of a hosted cloud model, and a full cloud MAM like iconik or an AI-native platform like Shade will out-tag a local index on raw breadth. Pick based on what your contracts actually demand, not on which demo looked shiniest.
For a deeper look at the mechanics behind these tradeoffs, see local vs cloud AI indexing and what AI search actually indexes and where it runs. If your worry is broader than footage, the privacy cost of cloud AI search covers the search-query side. And if you are weighing the AI-native platforms specifically, our Shade review digs into where ShadeFS and its tagging bill.
Sources, checked June 2026
- iconik, AI metadata tagging documentation and artificial-intelligence page, on its API-first approach and best-of-breed engines (Google Video AI, Amazon Rekognition) plus proxy-based workflows.
- Bloomberg Law and OpenAI's own statement on the New York Times litigation, on the May 2025 preservation order and the November 2025 order to produce 20 million logs.
- OpenAI Data Processing Addendum and Anthropic enterprise/Zero Data Retention terms, on retention tiers and the requirement for negotiated enterprise agreements.
- KJK and Avantia Law, on explicit AI clauses now appearing in NDAs and confidentiality agreements.
- Sapience Law and Outside GC, on how transmitting confidential material to AI tools can fall outside an NDA's scope.
- Trusted Partner Network program materials, on Gold and Blue Shield validity, re-audit cadence, and AI as an emerging risk area.
- Shade (shade.inc), on SOC 2 Type II, ISO 27001, HIPAA, and TPN certifications and its AI tagging, transcription, and facial recognition.
- SuiteStudios blog, on its TPN certification announced December 4, 2024.
- Clipto (Product Hunt) and local-AI tooling guides, on Whisper.cpp, CLIP ViT-L/14 embeddings, and on-device indexing of 2TB on an M5 MacBook Pro.