Data Storage and Security
Whereby is built in Norway by privacy-friendly Europeans. As an ethically-ambitious company, we take your security seriously. We don’t sell or mine your data, which is stored securely in the EU, we’re GDPR-compliant, and all content is encrypted.
Because we're GDPR compliant we have systems in place so you can see how your data is used, delete your profile with all data, or export any data Whereby is storing about you. Below we've laid out some common questions we get about data security with answers on the steps we've taken. If you don't see the question you're looking for, feel free to reach out to us at firstname.lastname@example.org.
How is my communication in Whereby secured?
The video and audio communication in a Whereby room is only visible to participants inside a room. It's not possible for another user to listen in on room data unless they are present in the room themselves (which means they would be visible to everyone in the room). Because the room URL is a public URL, it's possible for anyone who can guess a room name to enter an open room. If you want to prevent others from coming into the conversation, we recommend locking the room by clicking the Lock button in the room menu. If you are the owner of a room you can keep the room locked at all times, so no one else can enter it. After doing this no new participants will be able to enter the room without the owner's permission. This is thanks to the Knock feature, where a user can ask to be let in, and the owner can the let them in or stop them from joining.
Chat messages are not stored permanently. They pass through our server that connects the users in the call temporarily in order to pass them on to each participant in the call, but are deleted from server as soon as it has been delivered to the participant's computer. Additionally, as each participant leaves the room the chat messages that were stored locally on their computer are deleted.
Encryption and security
All communication between your browser and Whereby is transmitted over an encrypted connection (HTTPS using TLS). Real time messaging is done using encrypted WebSockets or polling using HTTPS. Video and audio transmitted in the service is sent directly between the participants in a room and is encrypted (DTLS-SRTP) with client-generated encryption keys. In some cases, due to NAT/firewall restrictions, the encrypted data content will be relayed through our server. We take pride in collecting and storing as little user data as possible in the service. No audio or video is ever stored on our servers.
How we process media (audio/video)
We will never store any media sent between participants in a room. The "Recording" add-on which is available in the Pro and Business plans only allow client-side recording, so the recording is never uploaded to our servers. The user who starts the recording (the user must be a host in a room to do this) are then responsible for getting consents from all participants in the meeting prior to starting the recording. They are also responsible for storing and processing the recording in compliance with regulations after downloading it from Whereby.
In the Free version of the Service, users can only use “Small” room size (up to 4 participants), and this mode is available in all plans. In “Small” room size, communication between participants are primarily sent through peer-to-peer connections, where audio and video streams are sent directly between participants and do not pass through any of our servers, in cases where this is allowed by the network the user is on. Video and audio transmitted in the Service is then sent directly between the participants in a room and is encrypted (DTLS-SRTP) with client-generated encryption keys. In cases where a user is behind a strict firewall or NAT (e.g. on a strict corporate network roughly), video and audio need to be relayed via a TURN server, but end-to-end encryption is still maintained.
If you have upgraded to Pro or Business, you can choose to use the "Extra Large" (Business -up to 50 participants) room size. Calls using the “Extra Large” room size will use a dedicated server infrastructure to allow more people in conversation, and better stability. Your stream will be sent through video router servers which transmits it to the other participants in the call, and also transmits their streams to you. Streams will always be encrypted (DTLS-SRTP) in transit, but will be decrypted and re-encrypted when passing through the video routers.
Where our servers are located
We operate a global infrastructure of video routers distributed across the world, and users will be automatically routed to the closest available one to them. This means that e.g. users in a European country, will connect to a data center physically located within the EEC. The video router servers and all of our infrastructure adhere to strict security measures, preventing any eavesdropping or interruption of the video/audio streams. Media sent between participants in a room will not be stored. Hosting providers used to route video calls do not have ability to access or control the data streams, nor is any transmission initiated by them, and data sent through Whereby is initiated by the customer, the customer select the receiver of the transmission and Whereby or its sub-contractors is not able to select or modify the information contained in the transmission, cf. GDPR Article 2 (4).
We in Whereby are committed to safeguarding the privacy of our users. Our business model is to provide a paid service to users who need additional features on top of the Free version, and does not rely on widespread collection of general user data. We will only collect and process information that we need to deliver the service to you, and to continue to maintain and develop the service.
You can reference more of our security and privacy standards in our Terms of Service.
Is Whereby a Data Processor?
For customers on our Free and Pro plans, we decide what data we collect from users and the purpose of processing. This, according to the definitions in GDPR, defines us as a Data Controller, and not a Data Processor with regards to our Free and Pro users. It is therefore not relevant for us to offer a Data Processing Agreement to individual customers.
This is clearly defined in GDPR Article 1 "Definitions"
Point 7: ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Point 8: processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Since our Free and Pro plans are only offered to individuals and we do not enter into a corporate commercial agreement where your company instructs us to process personal information for you, every individual user of Whereby will be the data subject in the case where they sign up for an account with us, the Data Controller. A Data Processor is someone who only processes data on the Data Controller's requests and instructions, and within strictly defined purposes, e.g. a hosting provider.
"This policy applies where we are acting as a Data Controller with respect to the personal data of users of our Services; in other words, where we determine the purposes and means of the processing of that personal data. For content and data that you upload to or make available through the Service (“User Content”), you are responsible for ensuring this content is in accordance with our Terms of Service, and that the content is not violating other users’ privacy."
Regarding information that you choose to upload or share through Whereby, our Terms of Service state:
"You are responsible for your use of the Whereby, including the lawfulness of any content displayed, shared, uploaded or otherwise made available by you in the Service (“the User Content”). User Content includes room names, and you are responsible for ensuring room names does not include Prohibited User Content (as listed below). Your room names are used to construct the URLs identifying your rooms, and guests you invite and other third parties can (request to) enter your rooms based on these URLs. As these guests do not need to authenticate to Whereby in order to do this, please be aware that room names must be considered public information. Do not include information that you do not want to make public in room names."
Data Processing Agreement (DPA)
For our Business plan and Whereby Embedded customers, we offer a Data Processing Agreement. These plans allow companies and organizations to set up team accounts, and thus have the ability that an admin user can import emails of other employees when inviting them (which constitutes Personal Identifiable Information). We have a Data Processing Agreement (PDF) as part of our Terms of Service for all Business and Whereby Embedded customers.
Who has my credit card details?
We use Stripe for our credit card processing and storage - specifically Stripe Payments Europe, Ltd. Stripe is an extremely reliable, global payment processor that managed transactions for thousands of customers every day. Stripe is a PCI Service Provider Level 1, which is the strictest level of certification possible for a payment processor. They use high-level security to achieve this, and they are also GDPR compliant. You can read more about their security measures and them as a company at https://stripe.com/no/payments