Organisations that work with Coviu have many questions about how we handle data. This article is meant to address these questions. Please contact us if you would like more in-depth information.
Where are the Coviu application servers located?
Our application servers are in AWS in Sydney and the application is distributed via cloudfront to edge servers across the planet closer to our users.
Our signalling and TURN servers are in several data centres around the world. As you are setting up a video call, your browser will know to use the signalling and TURN servers that are most closest located to you.
What data security does Coviu provide?
All communication between Coviu servers and Coviu users are encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher 128-bit encryption (AES_128_GCM). This includes any signalling data.
Within a Coviu call, all data, video and audio that is exchanged is encrypted using DTLS-SRTP between the participants.
What user data is stored and where?
Coviu only stores user signup information - none of the data that is exchanged in a video call is saved. User signup data is stored in AWS in Sydney.
Coviu does not store the identities of a guest user - the snapshot and name is only taken to identify the guests to the users in a call so they can more easily decide to allow them into the call. Specifically, if the guest is a patient, patients don't need to sign up with us and no patient information is captured by us.
Is data exchanged in a call stored?
None of the audio, video or data exchanged in a Coviu call is stored by Coviu. Specifically, Coviu does not store any clinical information that is exchanged in a call. All of the video, audio or shared documents in a call are transmitted peer-to-peer only, are fully encrypted and cannot be listened into by anyone except for the call participants. That data does not even reach Coviu storage servers.
Does data in calls between peers inside a country ever leave that country?
Coviu calls are peer-to-peer calls and fully encrypted. The endpoints of a Coviu call find the shortest connection to each other that works when setting up a call. Peer-to-peer calls of participants that are within a country will not be routed via a different country.
What other services does Coviu use?
We make use of some US based services. We use Google Analytics and Intercom.io to track usage on Coviu. The information that we share with them is limited. For Intercom, we share the user name and email address - other than that only usage data.
For more information see our privacy statement at https://coviu.com/static/privacy .