PRIVACY POLICY
Zenoxit Live : Security & Privacy
Zenoxit Team, developing a platform our users can rely on is the most important thing. That means, amongst other things, we are very mindful of the security and privacy aspects that affect our users.
Security and privacy are very broad topics so we are going to try and go through some practical use cases to demonstrate what’s at play.
Fully secure you say… What does this mean exactly?
In many respects Zenoxit Live meetings are simply private by design. To begin with, all meeting rooms are ephemeral: they only exist while the meeting is actually taking place. They get created when the first participant joins and they are destroyed when the last one leaves. If someone joins the same room again, a brand new meeting is created with the same name and there is no connection to any previous meeting that might have been held with the same name.
That said, since a name is all that one needs to actually access a room, we have to be really careful about how we choose and advertise them. We don’t want others accidentally stumbling into our meetings, just as we want to keep pranksters and snoopers away.
This is generally not much of a problem for small size deployments (remember you can host your own Zenoxit Live ) or low profile meetings but it may be a problem if you are using a large and public deployment such as live.zenoxit.com or if there is significant interest in your meeting.
One has to really keep in mind that the name of a meeting is sensitive and needs to be protected. You shouldn’t send it to anyone you do not want in your meeting. Advertising this name publicly, for example on social media, is something you should only ever do if you truly are comfortable with maximum exposure and the possibility of unwelcome visitors.
Then there’s the matter of choosing the name. If you start a meeting with the name “Test”, “Yoga” or “FamilyMeeting” for example, chances of having some random uninvited people joining are very, very high. How does one pick a good room name then? Our random meeting name generator is a great start. It offers names that are easy to remember and read out loud on a phone call, and come from a set of over a trillion possible combinations. Picking out one of the auto-generated names is therefore quite safe.
If you don’t like the funky way the auto-generated names sound and you don’t want to use a long and uninviting UUID (which you totally could), then go ahead and pick a name by yourself but make sure it is long enough. For example, next time you’d like to have a coffee with someone over video, rather than going for live.zenoxit.com/coffee, try something with more of a twist.
We are also working on a “bad meeting name detector”. You’ll see a warning if your meeting name has a high chance of collision, so stay tuned!
We also give people the option to set a meeting password. A few important things to keep in mind: if you do set a password, it is your responsibility to communicate it to your peers.
More importantly, keep in mind that your password, just as chat and speaker stats, will be reset once the last person leaves the room. So you have to make sure that you set the password again, if you find yourself ending the meeting and then rejoining.
A similar approach you might consider would be to append a random character sequence at the end of your room name.
Anyone can mute or kick me out of my meeting, what’s up with that?
Zenoxit Live models its meetings after in-person gatherings. Take the case of 10 people having a discussion in a room. You wouldn’t expect one person to have exclusive “kick” and “mute” privileges in an in-person meeting and yet, those meetings usually go fine.
In the vast majority of cases, moderation controls in online meetings serve a different purpose: they help address tech related issues, such as people not realizing their microphones are introducing noise, or people forgetting to leave. Moderation controls help you solve those, so that people can continue their conversation. And now, with that in mind, why wouldn’t you want to enable anyone in the meeting to help solve these kinds of issues?
For that reason our moderation controls are soft, and for everyone.
This is specifically the case on live.zenoxit.com, since all users are moderators.
If you really, really, really need moderation controls to be limited then consider deploying your own Zenoxit Live instance and configuring it in a way that suits your needs. Once you do, you can configure strong authentication, so only authorised users will be moderators.
We understand the settings in live.zenoxit.com are not for everyone, so if you’d rather have your own private setup (which we encourage you to do!) you can get started quickly with our Docker setup or the quick-install guide. We’ll be happy to help you in our community.
Are my meetings encrypted? Is encryption end-to-end?
This is something we get asked a lot, so let’s dive into the details:
Zenoxit Live meetings can operate in 2 ways: peer-to-peer (P2P) or via the Zenoxit Live Videobridge (JVB). This is transparent to the user. P2P mode is only used for 1-to-1 meetings. In this case, audio and video are encrypted using DTLS-SRTP all the way from the sender to the receiver, even if they traverse network components like TURN servers.
In the case of multiparty meetings all audio and video traffic is still encrypted on the network (again, using DTLS-SRTP). Packets are decrypted while traversing Zenoxit Live Videobridge; however they are never stored to any persistent storage and only live in memory while being routed to other participants in the meeting.
Note: Since Zenoxit Live is built on top of WebRTC, a deeper look into its security architecture is very important when evaluating Zenoxit Live’s security aspects.
So, why is the media decrypted in Zenoxit Live Videobridge? Currently there is no way to do without this in WebRTC.
Some services try to achieve this by establishing a full mesh of peer-to-peer connections between participants but that presents significant issues.
From a scalability perspective, this is a very limited approach as utilization of CPU and bandwidth grows quadratically to the number of participants thus quickly resulting in a very degraded user experience. This is the very reason why services like Zenoxit Live resort to using video routers (a.k.a., Selective Forwarding Units (SFUs)) like Zenoxit Live Videobridge. With SFUs, clients establish a single connection with the video router and all data goes there. That saves a ton from a resource utilization point of view, but it complicates the encryption situation. At the moment WebRTC has no way to negotiate multi-party encryption over a single connection. Every client sets up a separate crypto context with the video router, which then has to trans-crypt the data as it relays it from one client to another.
Not all hope is lost though! The folks from the WebRTC team are working on providing the necessary APIs in the browser so applications can add an additional layer of encryption that would allow apps to add an end-to-end encryption layer while still allowing SFUs to function. You can bet we will be all over this as soon as possible.
What do you do with my data?
To begin with, by default Zenoxit Live does not require users to create accounts. Any information they choose to enter, such as their name or email address is purely optional and is only shared with other meeting participants. We do not retain this information after the meeting.
Other pieces of data such as the chat, or speaker stats, for example, are stored for the duration of the meeting and then destroyed when it ends.
Obviously many of these things can be customized by the configuration of the actual deployment that you are using so we are going to talk about the one we maintain: live.zenxit.com
We preserve all of the above defaults but you should absolutely also check out the live.zenoxit.com Privacy Policy and Terms of Service.
Recordings are a bit of an interesting case. They are kept on our servers until we can upload them to the place you indicated (currently Dropbox). If we haven’t managed to do that in 24 hours we still delete them and they are gone forever (so make sure you have enough space in your Dropbox folders 😉 )
Do you use analytics?
Zenoxit Live does not come with any preconfigured analytics engines.
We do use analytics on live.zenoxit.com, so let’s talk about it.
We are very committed to privacy and security and we are extremely careful about what information reaches the analytics engines we use. That said we also want to provide our users with a great product experience, so we need some visibility into what’s actually going on. We are currently using Amplitude, Datadog and Crashlytics to cover various aspects of the apps and the infrastructure on live.zenoxit.com. Things that we track in analytics include, an anonymous identifier (you can run in “incognito” mode if this bothers you), bitrate, available bandwidth, SDP offers and answers, product utilization events, mobile app crash dumps (how much various product features are used overall).
Most importantly, once your meeting is over we do not retain any names, e-mail addresses or profile pictures (as we mentioned above, those are only transmitted to the other participants in the meeting).
While we hope that the live.zenoxit.com configuration will be satisfactory to most users, we completely understand that it will be incompatible with what some others are looking for. If, for any reason, this is the case for you please remember that you could be running your private Zenoxit Live instance in as little 15 minutes!
Other products : Privacy Policy
About Information Sharing
We may need to share your Personal Information and your data to our affiliates, resellers, service providers and business partners solely for the purpose of providing ZENOXIT Services to you.
The purposes for which we may disclose your Personal Information or data to our service providers may include, but are not limited to, data storage, database management, web analytics and payment processing. These service providers are authorized to use your Personal Information or data only as necessary to provide these services to us. In such cases ZENOXIT will also ensure that such affiliates, resellers, service providers and business partners comply with this Privacy Policy Statement and adopt appropriate confidentiality and security measures.
We will obtain your prior specific consent before we share your Personal Information or data to any person outside ZENOXIT for any purpose that is not directly connected with providing ZENOXIT Services to you.
We will share your Personal Information with third parties only in the ways that are described in this Privacy Policy Statement. We do not sell your Personal Information to third parties.
We may share generic aggregated demographic information not linked to any Personal Information regarding visitors and users with our business partners and advertisers.
Please be aware that laws in various jurisdictions in which we operate may obligate us to disclose user information and the contents of your user account to the local law enforcement authorities under a legal process or an enforceable government request. In addition, we may also disclose Personal Information and contents of your user account to law enforcement authorities if such disclosure is determined to be necessary by ZENOXIT in our sole and absolute discretion for protecting the safety of our users, employees, or the general public.
If ZENOXIT is involved in a merger, acquisition, or sale of all or a portion of its business or assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
Users who wish to correct, update or remove any Personal Information including those from a public forum, directory or testimonial on our site may do so either by accessing their user account or by contacting support@ZENOXIT.com Such changes may take up to couple of days to take effect. We respond to all enquiries within 30 days.
Cookies
When you use or access the ZENOXIT site we may use small text files containing a string of alphanumeric characters called cookies to improve overall Site experience, among other things. A cookie is a piece of data stored on the user's hard drive containing information about the user. They will not contain any executable software, malicious code or virus. Cookies do not establish your personal identity. They just establish the source of requests to our web servers.
Cookies generally do not permit us to personally identify you. ZENOXIT may use both session cookies and persistent cookies. A session cookie generally disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to the ZENOXIT site or other web sites. Persistent cookies can generally be removed by you.
Please review your web browser "Help" file to learn the proper way to modify your cookie settings and to remove cookies.
Security of your Information
We adopt industry appropriate data collection, storage and processing practices and security measures, as well as physical security measures to protect against unauthorized access, alteration, disclosure or destruction of your Personal Information, username, password, transaction information and data stored in your user account. Access to your name and email address is restricted to our employees who need to know such information in connection with providing ZENOXIT application to you and are bound by confidentiality obligations.
We may employ procedural and technological security measures that are reasonably designed to help protect your personally identifiable information from loss, unauthorized access, disclosure, alteration or destruction. ZENOXIT may use encryption, password protection, and other security measures to help prevent unauthorized access to your personally identifiable information.
Data Retention
We will retain your information while providing services to you. In the event of you cancelling account with us, we guarantee to retain your data for your backup purposes only for one month from cancellation date after which we may delete and destroy it. However, we will retain any data for as long as required to comply with laws or enforce our rights.
Change in Privacy Policy
ZENOXIT reserves the right to changes this Privacy Policy at any time. All the changes to the policy will be effectively immediately after its publication.
Contact Information
We appreciate your invaluable feedback on our privacy policy.
You can contact us at support@ZENOXIT.com or
ZENOXIT PRIVATE LIMITED,
Ground Floor, 006/B5,
Shree Rajlaxmi Park, Pakhadi Kharegaon-Kalwa,
Thane Pin- 400605 Land Mark : Near Vitthal Mandir