Data Storage and Security
SIRIUS is built in Germany by privacy-friendly Europeans. As an ethically-ambitious company, we take your security seriously. We don’t sell or mine your data, which is stored securely in Germany, we’re fully GDPR-compliant, and all content is encrypted.
Here, we've laid out some common questions we get regarding data security with answers on the steps we've taken. If you don't see the question you're looking for, feel free to reach out to us at legal@sirius.video.
How is my communication in SIRIUS secured?
Locking rooms
The video and audio communication in a SIRIUS room is only visible to participants inside a room. It's not possible for another user to listen in on room data unless they are present in the room themselves (which means they would be visible to everyone in the room). Because the room URL is a public URL, every room is secured by a password set by the owner of the room. No one with the URL and password can enter it. Only participants you shared the link and password with are able to enter the room. Additionally every new participant needs to knock on the room – the owner decides to allow them in or stop them from joining.
Chat
Chat messages are not stored permanently. They pass through our server that connects the users in the call temporarily in order to pass them on to each participant in the call – They are deleted from the server as soon as the video session has ended. Participants joining a video session later than other can not access the previous chat history.
How we encrypt and secure media (audio/video)
We will never store any media sent between participants in a room. All communication between your browser and SIRIUS is transmitted over an encrypted connection (HTTPS using TLS). Real time messaging is done using encrypted WebSockets or polling using HTTPS.
By default, communication between participants are primarily sent through peer-to-peer connections. Audio and video streams are sent directly between participants and do not pass through any of our servers. Video and audio transmitted in the session is then sent directly between the participants in a room and is encrypted (DTLS-SRTP) with client-generated encryption keys. In cases where a user is behind a strict firewall or NAT (e.g. on a strict corporate network roughly), video and audio need to be relayed via a TURN server, but end-to-end encryption is still maintained.
We take pride in collecting and storing as little user data as possible in the service. No audio or video is ever stored on our servers.
Where our servers are located
SIRIUS is hosted on secure servers of a certified German provider in Nürnberg, Germany. At no time will your data be disclosed when and from where you access the video platform.
All user account data is stored in Germany. You can see a full overview of the types of data that are being processed and stored, with the legal reasons for each category, in our Privacy Policy.
Privacy
We in SIRIUS are committed to safeguarding the privacy of our users. Our business model is to provide a paid service to users who need additional features on top of the free version, and does not rely on widespread collection of general user data. We will only collect and process information we need to deliver our service to you, and to continue to maintain and develop the service.
SIRIUS may collect, store and process various kinds of data, with different legal grounds, as listed in our Privacy Policy. For the categories of data that require your consent, we will actively ask you for consent before collecting any data. You can give and revoke your consents at any time by sending an email to support@sirius.video.
You can reference more of our security and privacy standards in our Terms of Service.
Data Processing Agreement (DPA)
For paying institutions and organizations, we offer a Data Processing Agreement (DPA). Our solution for institutions and organizations has the ability that an admin user can add emails of other users when inviting them (which constitutes Personal Identifiable Information). We have a Data Processing Agreement (DPA) as part of our Terms of Service for all paying institutions and organizations.
Please contact support@sirius.video for accessing the current version of Data Processing Agreement (DPA) and further information.
Who has my credit card details?
We use Paddle (https://paddle.com) for our credit card processing and storage - specifically Stripe Payments Europe, Ltd. Stripe is an extremely reliable, global payment processor that manages transactions for thousands of customers every day. They use high-level security, and they are also GDPR compliant. You can read more about their security measures and them as a company at https://paddle.com/privacy.