Generic streaming tools add security as a feature. We started here.
Our security posture is shaped by practical cybersecurity experience and a defense-in-depth approach: multiple layers of access control, least-privilege thinking, private-by-default workflows, and clear data handling practices.
Security by Design
Security thinking is part of every product decision from the first wireframe — not bolted on after launch.
Defense in Depth
Multiple independent layers of access control, validation, and isolation so no single failure exposes a session.
Least Privilege
Producers, hosts, observers, and viewers each get the minimum access needed to do their job — and nothing more.
Privacy by Design
Private-by-default workflows. Sessions are gated, observer links are scoped, and recordings are not exposed by default.
Data Minimization
We collect what's needed to deliver the service and produce review artifacts — not more.
Zero Trust-inspired access
Every viewer entry is verified against the room's access model. No implicit trust from network location or prior session.
These principles describe how we design and operate the platform. They are not claims of formal certification. See the roadmap section below for where we are still maturing.
Access control
You decide who gets in — and how tightly.
Every Secure Stream session is gated. Hosts pick the access model that fits the sensitivity of the room.
access.protocol.1Secure access codes
Stream-specific, time-bound codes prevent link sharing and bookmark reuse.
access.protocol.2Optional viewer registration
Require viewers to identify themselves before entering for an auditable record of who watched.
access.protocol.3Private stream controls
Hosts can lock rooms, revoke access in flight, and end sessions immediately.
access.protocol.4Room-based access
Each breakout room is independently gated — viewers see only what they're authorized to see.
access.protocol.5Role-aware admin / operator views
Producers, hosts, and observers each get scoped tooling appropriate to their role.
access.protocol.6Observer links for controlled viewing
Read-only observer access for stakeholders who need to watch without participating.
Data handling
What we collect. What we never do with it.
We process video, audio, transcripts, notes, and analytics outputs to provide the Secure Stream service. Customer content stays customer content.
We process what we need to deliver the service.
Video, audio, transcripts, notes, and analytics outputs are processed to power live streaming, transcription, and review.
Customer content is not sold.
We do not sell, rent, or share customer content with advertisers or data brokers. Period.
Not used to train third-party foundation models.
Customer audio, video, transcripts, and analytics outputs are not used to train third-party foundation models unless expressly agreed in writing.
AI & transcription
AI assists. Humans decide.
AI and transcription services generate transcripts, speaker attribution, summaries, and analytics. These outputs are built to support review and research workflows — not to replace human judgment.
Outputs are review aids
Transcripts, summaries, and analytics are starting points for human review — not authoritative records on their own.
Speaker attribution is best-effort
Diarization quality depends on capture conditions. Hosts can correct attribution and edit transcripts before sharing.
Scoped to your session
AI processing is bounded to the session it was generated for. We don't cross-pollinate one customer's data into another's outputs.
You can opt out of AI features
If your engagement requires it, AI analytics and summary features can be disabled at the workspace level.
Subprocessors
Service providers we rely on to deliver the platform.
We use a small set of vetted third parties for hosting, transcription, and supporting infrastructure. The full list — including purpose and data categories handled — is maintained separately so it stays current.
Documentation
Our terms, privacy practices, and data-handling policies are published here.