Security Policy

1. Overview

At DigitalMeet, security is foundational to everything we do. This Security Policy outlines our commitment to protecting your data and maintaining the highest standards of information security. We employ industry-leading security practices, technologies, and protocols to safeguard your information.

2. Data Encryption

2.1 Encryption in Transit

All data transmitted between your devices and our servers is encrypted using Transport Layer Security (TLS) 1.3, the latest and most secure version of the protocol. This ensures that your video, audio, and other data cannot be intercepted or read by unauthorized parties during transmission.

2.2 Encryption at Rest

All data stored on our servers is encrypted using AES-256, the same encryption standard used by banks and government agencies. Encryption keys are managed using industry best practices, including key rotation and secure key storage.

2.3 End-to-End Encryption

For meetings requiring the highest level of security, DigitalMeet offers end-to-end encryption (E2EE). With E2EE enabled, meeting content is encrypted on participants' devices and can only be decrypted by authorized participants. Even DigitalMeet cannot access the content of E2EE meetings.

3. Access Controls and Authentication

3.1 Authentication

DigitalMeet implements strong authentication mechanisms, including:

• Multi-factor authentication (MFA) support
• Single Sign-On (SSO) integration with major identity providers
• Password complexity requirements
• Session management and timeout controls
• Account lockout mechanisms to prevent brute-force attacks

3.2 Authorization

We implement role-based access control (RBAC) to ensure users only have access to the features and data they need. Administrative functions require additional authentication and are logged for audit purposes.

4. Infrastructure Security

4.1 Cloud Infrastructure

DigitalMeet operates on leading cloud infrastructure providers that maintain the highest security certifications, including SOC 2 Type II, ISO 27001, and others. Our infrastructure includes:

• Geographically distributed data centers with redundant systems
• Network segmentation and firewall protection
• DDoS protection and mitigation
• Intrusion detection and prevention systems
• Regular security updates and patch management

4.2 Application Security

We follow secure software development practices, including:

• Regular security code reviews
• Automated vulnerability scanning
• Penetration testing by third-party security firms
• Dependency management and security updates
• Security training for all development staff

5. Data Protection and Privacy

5.1 Data Minimization

We collect only the data necessary to provide our Service. We do not collect or store data beyond what is required for functionality, billing, and legal compliance.

5.2 Data Retention

Data is retained only for as long as necessary to provide the Service and comply with legal obligations. When data is no longer needed, it is securely deleted using methods that prevent recovery.

5.3 Data Residency

We offer data residency options for customers with specific geographic requirements. Data can be stored in specific regions to comply with local data protection laws.

6. Compliance and Certifications

DigitalMeet maintains compliance with major security and privacy standards:

• SOC 2 Type II: Annual audits verify our security controls
• ISO 27001: Information security management system certification
• GDPR: Compliance with European data protection regulations
• HIPAA: Healthcare data protection compliance (for applicable plans)
• CCPA: California Consumer Privacy Act compliance

7. Security Monitoring and Incident Response

7.1 Monitoring

We continuously monitor our systems for security threats and anomalies using automated tools and security operations center (SOC) teams. Logs are collected, analyzed, and retained for security auditing and incident investigation.

7.2 Incident Response

We maintain a comprehensive incident response plan that includes:

• Rapid detection and assessment of security incidents
• Containment procedures to limit impact
• Investigation and root cause analysis
• Remediation and recovery procedures
• Notification procedures for affected users when required by law
• Post-incident review and improvement

8. Employee Security

All DigitalMeet employees undergo background checks and sign confidentiality agreements. Access to customer data is granted on a need-to-know basis and is regularly reviewed. All employees receive security training and are required to follow security policies and procedures.

9. Third-Party Security

We carefully vet all third-party service providers and require them to meet our security standards. Vendor agreements include security requirements, and we regularly assess vendor security practices.

10. Meeting Security Features

DigitalMeet includes built-in security features to protect your meetings:

• Waiting rooms to screen participants before entry
• Meeting passcodes and authentication requirements
• Host controls to manage participants
• Recording controls and permissions
• Screen sharing restrictions
• Participant removal capabilities
• Lock meeting functionality

11. Vulnerability Reporting

We encourage responsible disclosure of security vulnerabilities. If you discover a security issue, please report it to security@digitalmeet.com. We commit to:

• Acknowledging receipt of vulnerability reports within 48 hours
• Providing regular updates on remediation progress
• Publicly acknowledging researchers who report valid vulnerabilities (with permission)
• Not pursuing legal action against researchers who follow responsible disclosure practices

12. Your Responsibilities

While we work hard to secure our platform, security is a shared responsibility. You can help maintain security by:

• Using strong, unique passwords
• Enabling multi-factor authentication
• Keeping your devices and software updated
• Not sharing meeting links publicly
• Using meeting security features appropriately
• Reporting suspicious activity immediately

13. Updates to This Policy

We may update this Security Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date.

14. Contact Us

For security-related questions or concerns, please contact us: