Security and Compliance
Effective February 1, 2025
This document outlines our commitment to safeguarding the security and privacy of the data you entrust to us. Here, you will find detailed information about how we host and manage our services, our compliance with international security standards, our data protection practices, and the measures we take to ensure the integrity and availability of our systems.
Hosting
Our application components are hosted across multiple services:
- render.com: Servers for the API and Database of User data
- LiveKit Cloud: Cloud: SFU for WebRTC.
- Netlify: Frontend SPA application.
Session Management
Session tokens are automatically renewed unless explicitly revoked by the user.
Compliance Certifications
Our servers and infrastructure providers are compliant with major security standards:
Render.com : ISO 27001, GDPR-DPA, SOC 2 Type 2.
Data Storage
All User Data is stored by Render.com in a European Data center.
Security Practices
Data Deletion
Upon deletion, rundown data and user accounts are purged from our systems within 30 days. All backups are also erased within 30 days.
Backup and Recovery
Our data recovery strategy includes:
- Data Encryption: All data in transit is encrypted using SSL. However, data stored on our systems is not encrypted at rest but is safeguarded through strong authentication and security protocols.
Third-Party Access
Access to live user data is strictly limited to authorized staff. Confidentiality agreements are in place with contractors and business associates, and where feasible, they work on test or anonymized data to prevent unauthorized access to sensitive information.
More information
For more details on which third-party services we use that may receive personal information, please refer to our Privacy Policy.