01
Encryption at rest
AES-256 for every recording, thumbnail, transcript. Keys rotated quarterly via AWS KMS. Per-tenant key separation for Business and Enterprise.
02
Encryption in transit
TLS 1.3 everywhere. HSTS enforced. Certificate pinning on desktop and mobile clients. No HTTP fallback.
03
Zero-trust auth
SSO via SAML 2.0 and OIDC. SCIM 2.0 for provisioning. Hardware key support (WebAuthn). Session tokens short-lived, rotated.
04
Access controls
Least-privilege by default. Per-space permissions. Admin audit logs for every action. Role-based access for teams of any size.
05
Data isolation
Customer data siloed by tenant. No cross-tenant queries possible in code. Separate encryption contexts per customer on Enterprise.
06
Incident response
24/7 on-call rotation. P0 SLA 15 minutes. Status page with history. Post-mortems public for every P0/P1.
07
AI privacy
Your content is never used to train third-party models. Transcription runs on our own GPU clusters. Opt-out of all AI features at org level.
08
Retention & deletion
Delete a video — gone in 48h, including backups. Cancel account — full purge within 30 days. Data export is always one click.