What is a qualified view?

A view that passes four checks set by the campaign brief: watch duration, policy compliance, geo consistency, and traffic validity. If any layer rejects it, the view is logged with a reason code and excluded from both spend and payout.

How fast can a brand launch?

Most campaigns go live within 24-48 hours of brief acceptance.

Which platforms are supported?

Instagram, TikTok, YouTube (Shorts and long-form), X, and Facebook.

How is FORKOFF different from OpusClip, Vizard, or Whop?

OpusClip and Vizard are self-serve clipping SaaS. Whop and Hoodpay are creator marketplaces that count raw views. FORKOFF is managed and counts only qualified views. every view filtered through four checks before it counts.

Do clippers need a large audience?

No. Fit, quality, and verifiable performance matter more than raw follower count.

Why was my clip rejected?

Every rejection includes a reason code: policy issue, brief mismatch, format mismatch, or invalid traffic signals.

How are clippers paid?

Payout equals qualified views divided by 1,000, times the campaign CPM rate. Rates are visible before brief acceptance.

Can I run on my own clippers?

Yes. FORKOFF can run a managed campaign on a brand's existing clipper roster, with the qualification engine and reporting layered on top.

What happens to filtered traffic?

Filtered traffic is logged with a reason code and excluded from spend. Brands never pay for traffic that fails any qualification check.

Can I export the qualification ledger for an audit?

Yes. Every campaign produces an audit-ready CSV/JSON export with per-view reason codes.

Security · FORKOFF Clipping | FORKOFF Clipping

01Encryption

▸In transit. TLS 1.3 across all subdomains. HSTS preloaded. No HTTP fallbacks.
▸At rest. provider-managed encryption (AES-256) for application data, intake records, and the qualification ledger.
▸Secrets. API tokens, webhook URLs, and provider credentials live in Vercel encrypted environment variables, never in the repo.

02Access Control

▸FORKOFF staff access to intake records and ledger data is gated behind SSO with hardware-key-backed 2FA.
▸Brand-side dashboards: invite-only, scoped to the campaigns the account owns. No cross-tenant visibility.
▸Clipper-side dashboards: scoped to the clipper's submitted clips and payout history.
▸Service-account credentials rotate on a fixed schedule and on any team-membership change.

03Audit Logging

Every state-changing action on an intake record, qualification entry, or payout settlement writes an append-only log line. Logs include actor, action, timestamp, and a content hash of the affected record. Brands receive a per-campaign export of the relevant log slice with their qualification ledger.

04Vendor and Sub-Processors

▸Vercel. hosting, analytics, edge.
▸Resend. transactional email.
▸Slack. internal intake routing.
▸Google Analytics + Microsoft Clarity. gated behind cookie consent.

Each vendor is bound by data-processing terms. We do not share intake or ledger data with any vendor not listed above.

05Vulnerability Disclosure

If you find a security issue, report it to security@forkoff.xyz (or crew@forkoff.xyz as a fallback). We aim to:

▸Acknowledge within 2 business days.
▸Validate or triage within 7 business days.
▸Ship a fix or mitigation within 30 days for confirmed issues.
▸Credit reporters in the acknowledgments below if they want public credit.

Please don't run intrusive scans, dump customer data, or chain proof-of-concepts that disrupt service. Coordinated disclosure is welcome.

06security.txt

Our machine-readable security contact follows RFC 9116: /.well-known/security.txt.

07Acknowledgments

Researchers who have reported confirmed issues will be listed here with their consent.

Security practices