Data Storage and Security
SIRIUS is built in Germany by privacy-friendly Europeans. As an ethically-ambitious company, we take your security seriously. We don’t sell or mine your data, which is stored securely in Germany. We’re GDPR-compliant, and all content is encrypted.
Below we've laid out some common questions we get about data security with answers on the steps we've taken. If you don't see the question you're looking for, feel free to reach out to us at firstname.lastname@example.org.
How is my communication in SIRIUS secured?
The video and audio communication in a SIRIUS room is only visible to participants inside the room. It's not possible for another user to listen in on room data unless they are present in the room themselves (which means they would be visible to everyone in the room). Because the room URL is a public URL, every room is secured by a password set by the owner of the room, so no one else can enter it. Only participants you shared the link and password with are able to enter the room. Additionally, every new participant needs to knock on the room, and the owner can then let them in or stop them from joining.
Chat messages are not stored permanently. They pass temporarily through our server that connects the users in the call, in order to be passed on to each participant, but are deleted from the server as soon as the video session has ended. Participants who join a video session later than others cannot access the previous chat history.
How we encrypt and secure media (audio/video)
We will never store any media sent between participants in a room. All communication between your browser and SIRIUS is transmitted over an encrypted connection (HTTPS using TLS). Real-time messaging is done using encrypted WebSockets or polling using HTTPS.
By default, communication between participants is primarily sent through peer-to-peer connections, where audio and video streams are sent directly between participants and do not pass through any of our servers, in cases where this is allowed by the network the user is on. Video and audio transmitted in the Service is then sent directly between the participants in a room and is encrypted (DTLS-SRTP) with client-generated encryption keys. In cases where a user is behind a strict firewall or NAT (e.g. on a strict corporate network), video and audio need to be relayed via a TURN server, but end-to-end encryption is still maintained.
We take pride in collecting and storing as little user data as possible in the service. No audio or video is ever stored on our servers.
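A participant can check the direct versus TURN-relayed path and the DTLS-SRTP state described above from the browser's WebRTC statistics. The following is an added example, not SIRIUS code: `describeMediaPath` and `sampleReport` are hypothetical names, the sample stats are constructed, and it assumes the browser exposes `transport` stats with `selectedCandidatePairId`.

```javascript
// Summarise an RTCStatsReport (Map-like, as returned by RTCPeerConnection.getStats()):
// is media flowing directly or via a TURN relay, and is DTLS-SRTP established?
function describeMediaPath(report) {
  const byId = new Map();
  let transport = null;
  for (const s of report.values()) {
    byId.set(s.id, s);
    if (s.type === 'transport' && s.selectedCandidatePairId) transport = s;
  }
  if (!transport) return { path: 'unknown', dtlsConnected: false, srtpCipher: null };

  // Follow the selected ICE candidate pair to its local and remote candidates.
  const pair = byId.get(transport.selectedCandidatePairId);
  const local = pair && byId.get(pair.localCandidateId);
  const remote = pair && byId.get(pair.remoteCandidateId);

  let path = 'unknown';
  if (local && remote) {
    // candidateType is one of 'host', 'srflx', 'prflx', 'relay'; 'relay' means TURN.
    const relayed = local.candidateType === 'relay' || remote.candidateType === 'relay';
    path = relayed ? 'relayed' : 'direct';
  }
  return {
    path,
    dtlsConnected: transport.dtlsState === 'connected',
    srtpCipher: transport.srtpCipher || null,
  };
}

// Constructed sample stats (not captured from a real call).
function sampleReport(localType) {
  return new Map([
    ['T1', { id: 'T1', type: 'transport', selectedCandidatePairId: 'CP1',
             dtlsState: 'connected', srtpCipher: 'AES_CM_128_HMAC_SHA1_80' }],
    ['CP1', { id: 'CP1', type: 'candidate-pair', state: 'succeeded',
              localCandidateId: 'L1', remoteCandidateId: 'R1' }],
    ['L1', { id: 'L1', type: 'local-candidate', candidateType: localType }],
    ['R1', { id: 'R1', type: 'remote-candidate', candidateType: 'srflx' }],
  ]);
}

console.log(describeMediaPath(sampleReport('host')));
console.log(describeMediaPath(sampleReport('relay')));
```

In a browser, pass the result of `await pc.getStats()` for the call's `RTCPeerConnection` instead of the sample report.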
Where our servers are located
SIRIUS is hosted on secure servers of a certified German provider in Nürnberg, Germany. At no time will data be disclosed about when and from where you access the video platform.
We at SIRIUS are committed to safeguarding the privacy of our users. Our business model is to provide a paid service to users who need additional features on top of the Free version, and it does not rely on widespread collection of general user data. We will only collect and process information that we need to deliver the service to you, and to continue to maintain and develop the service.
You can reference more of our security and privacy standards in our Terms of Service.
Data Processing Agreement (DPA)
For paying institutions and organizations, we offer a Data Processing Agreement (DPA). Our solution for institutions and organizations lets an admin user add the email addresses of other users when inviting them (which constitute Personally Identifiable Information). We have a Data Processing Agreement (DPA) as part of our Terms of Service for all paying institutions and organizations.
Please contact email@example.com to access the current version of the Data Processing Agreement (DPA) and for further information.
Who has my credit card details?
We use Paddle (https://paddle.com) for our credit card processing and storage - specifically Stripe Payments Europe, Ltd. Stripe is an extremely reliable, global payment processor that manages transactions for thousands of customers every day. They use high-level security, and they are also GDPR compliant. You can read more about their security measures and about them as a company at https://paddle.com/privacy.