Security

We take the privacy and security of your communications seriously


Network Security & Encryption

Realtime audio and video media streams are point-to-point encrypted using DTLS/SRTP with an underlying AES stream cipher, all per the open standard set of WebRTC specifications and implementations.

Network interactions with our web application and services happen over a connection using SSL/TLS and RSA encryption. For page requests that means we use HTTPS, and for realtime communication we use secure websockets (WSS).

We score an "A" rating by Qualsys.

Following best practices, our internal services are in their own VPC (virtual private cloud), so backend resources are only accessible by our own application servers.

Authentication & Passwords

We support logging in with Google via OAuth, or by creating an account directly using a password. For direct accounts, we store hashed passwords using industry standard bcrypt hashing.

Our Infrastructure

Our services are hosted on the AWS platform which follows industry standard best practices.

We log every access to our system and constantly monitor for any suspicious changes or anomalies.

Data Storage

Our databases are replicated across data centers so that if one location goes offline, we have spare instances standing by to take over.

We keep daily backups and test restoring data from snapshots regularly.

Dedicated Infrastructure for Your Organization

For an extra level of security, our Enterprise customers receive dedicated hardware and network infrastructure so that their data is never on any shared computing, disk, or networking resources.

We work with Enterprise customers to customize VPN configuration and network rules so that Team.Video can be easily integrated into the organizations existing IT infrastructure.

Your Payment Details Are Safe

We don't store any credit card data ourselves -- we rely on our partner Stripe to do the heavy lifting there, doing what they do best. See Stripe's security overview for more.

Internal Testing & Security Bounty

We audit our systems on a recurring basis for any security vulnerabilities, and have an internal bounty incentivizing our team to find and fix any technical issues related to security.

We use OWASP recommendations as strong guidance for where to direct our investigative efforts.