Security
We take the privacy and security of your communications seriously
Network Security & Encryption
- Realtime audio and video media streams are point-to-point encrypted using DTLS/SRTP with an underlying AES stream cipher, all per the open standard set of WebRTC specifications and implementations.
- Network interactions with our web application and services happen over a connection using SSL/TLS and RSA encryption. For page requests that means we use HTTPS, and for realtime communication we use secure websockets (WSS).
- We score an "A" rating by Qualsys.
- Following best practices, our internal services are in their own VPC (virtual private cloud), so backend resources are only accessible by our own application servers.
Authentication & Passwords
- For products that require an account to use them, we may support logging in with Microsoft, LinkedIn, or Google via OAuth, and/or we may support a user creating an account directly using an email address and password.
- For direct accounts, we store hashed passwords using industry standard bcrypt hashing.
Our Infrastructure
- Our services are hosted on the AWS platform which follows industry standard best practices.
- We log every access to our system and constantly monitor for any suspicious changes or anomalies.
Data Storage
- Our databases are replicated across data centers so that if one location goes offline, we have spare instances standing by to take over.
- Data is encrypted on disk using AES-256 encryption.
- We keep daily backups and test restoring data from snapshots regularly.
Dedicated Infrastructure for Your Organization
- For an extra level of security, our Enterprise customers may elect to receive dedicated hardware and network infrastructure so that their data is never on any shared computing, disk, or networking resources.
- We work with Enterprise customers to customize VPN configuration and network rules so that our products can be easily integrated into the organizations existing IT infrastructure.
Your Payment Details Are Safe
- We don't store any credit card data ourselves -- we rely on our partner Stripe to do the heavy lifting there, doing what they do best. See Stripe's security overview for more.
Internal Testing & Security Bounty
- We audit our systems on a recurring basis for any security vulnerabilities, and have an internal bounty incentivizing our team to find and fix any technical issues related to security.
- We use OWASP recommendations as strong guidance for where to direct our investigative efforts.