Data security

Data security is important for XMReality and our users. Learn more in this article about data security, storage and encryption.

Background

XMReality was started as a research project for the Swedish Armed Forces to assist in disarming mines. This means that from day one, we have valued and focused on making sure that our solution is secure and dependable. We’ve come a long way since we started, and even if you aren’t out disarming mines, we want you to feel confident that you can trust our solution wherever and whenever you need it.

What data is stored?

XMReality does not store any data from within the calls. This means that if you complete a call where none of the participants record video or take screenshots, nothing of what was being filmed, shared, or said in the call is saved.

If you however want to save something from the call and therefore record the session or take screenshots, these captures will only be stored locally on your own device.

The only data that is stored by us is for the purpose of providing and tracking usage of the solution, so for each call the following data is stored:

  • User names (email addresses) of the licensed participants in the call
  • Time stamps (date, time and length of call)

For calls initiated by using “call links”, the following data is also stored:

  • Recipient name, which can contain personal data if entered by the creator of the link
  • Phone number of the recipient, if using our built-in text messaging service.
    This data is handled by our third-party provider, more information can be found here: https://www.vonage.com/legal/privacy-policy/

The data stored by us, along with all servers being used to facilitate the use of the solution, is located in Amazon Web Services datacenter in Ireland. This means that your data never leaves the EU, unless the call includes people outside of the EU of course. We abide under GDPR and follow all it’s requirements, including only storing data for as long as there is a need for it.

Is it safe to make XMReality calls? 

Yes, peer-to-peer calls (calls where 2 people are calling each other, regardless web calls or app-to-app calls) are encrypted which means no third party can access the call information (topics discussed, what is being filmed, where the solution is being used etc) - not even XMReality. What happens in the call, stays between the participants of the call – unless a recording would be shared with external parties manually.

For calls with more than 2 people, a conference server is used to facilitate the communication. All traffic to and from, and within the server, remain encrypted. This server is placed in AWS just like the others and can only be reached from within the network, thus protecting it from attackers.

Can I trust XMReality to be available when I need it?

Yes, XMReality is built in a way so it’s stable and redundant, and if something critical were to happen, like a fire in the datacenter, we could quickly move to another datacenter.

As mentioned earlier in this article, our solution is hosted by Amazon Web Services. This means that despite us being a quite small company in the world, the server and network hardware we use to provide our solution to you are top of the line and managed by world-class administrators.