How does Coviu handle customer data?
Last Updated: Sept 2021
Organisations that work with Coviu might have questions about how we handle data. This article is meant to address these questions. Please contact us if you would like more in-depth information.
Where are the Coviu application servers located?
Our application servers are in Amazon Web Services (AWS) in Sydney and the application is distributed via cloudfront to edge servers across the planet closer to our users.
Our signalling and TURN servers are in several data centres around the world. As you are setting up a video call, your browser will know to use the signalling and TURN servers that are located closest to you.
What data security does Coviu provide?
All communication between Coviu servers and Coviu users is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher 128-bit encryption (AES_128_GCM). This includes any signalling data.
Within a Coviu call, all data, video and audio that is exchanged is encrypted using DTLS-SRTP between the participants.
What user data is stored and where?
Coviu only stores user signup information - none of the data that is exchanged in a video call is saved. User data is stored in our servers in AWS, Sydney for the Australian site and Virginia for the US site.
Coviu does not store the identities of a guest user - the snapshot and name is only taken to identify the guests to you in your call so you can more easily identify them. Specifically, if the guest is a patient, patients don't need to sign up with us and no patient information is captured by us unless you have a need for it, in which case it is encrypted and stored with a user-specific key.
Is data exchanged in a call stored?
None of the audio, video or data exchanged in a Coviu call is stored by Coviu. Specifically, Coviu does not store any clinical information that is exchanged in a call. All of the video, audio or shared documents in a call are transmitted peer-to-peer only, are fully encrypted and cannot be listened into by anyone except for the call participants. That data does not even reach Coviu storage servers.
Some add-ons do require data storage though, so if you activate an add-on with storage such as local call recording, we will start storing your data with an encryption key specific to you. We do not share that data with anybody else.
Does data in calls between peers inside a country ever leave that country?
Coviu calls are peer-to-peer calls and fully encrypted. The endpoints of a Coviu call find the shortest connection to each other that works when setting up a call. Peer-to-peer calls of participants that are within a country will not be routed via a different country.
What other services does Coviu use?
We do partner with some US based services for administrative and web activities. We partner with Google Analytics and Hubspot and the information we share with them is limited.
For more information, see our privacy statement at https://www.coviu.com/en-au/privacy and our Terms at https://www.coviu.com/en-au/terms.