We use AWS cloud server for storage. We highly prioritize privacy and security of data by encrypting the session's content, video, audio, and screen sharing via AWS. Also, we have Cert-in certification to show data security compliance.
FLOOR uses HTTPS and WSS (SSL/TLS) protocols for all client-server audio-video communications
Protocol: TLS 1.2 and above
Key Exchange using ECDHE_RSA with P-256
FLOOR does not store user passwords in plain text.
FLOOR uses the WebRTC standard for audio/video communication
All data transmitted via WebRTC are mandatorily encrypted in transit using standard AES (Advanced Encryption Standard) encryption which is the default cipher via SRTP (Secure Real-Time Transport Protocol), which is the security extension for network protocol designed for multimedia telephony along with DTLS (Datagram Transport Layer Security), which provides a secure communication protocol to prevent eavesdropping, modification, replaying and other such security attacks on datagrams.
In addition to the above, Media streams will be encrypted using aes-128-xts mode. (aes-256-xts, aes-128-ecb can also be supported based on configuration)
All data is encrypted at rest with AES 256 standard. Encryption keys are managed using FIPS 140-2 compliant Hardware Security Modules.
We currently do the following data encryption:
Framework - Symfony
Streaming - WebRTC
Hosting - AWS + AZURE