Private by default.
Built for facilities whose only deliverable is the work itself. Most of what makes VDO secure is a list of things we go out of our way not to do.
A short but proud list.
These four are the easy ones to explain. The rest of the page is the longer version — for IT, security, and procurement.
End-to-end encrypted.
Sessions are encrypted between the people in them. Our infrastructure sees a relay handshake and nothing else. Not the frame. Not the audio. Not the marks.
No recordings. No caches.
Nothing is recorded “just in case.” Nothing sits on a CDN waiting to leak. The session ends and the frame is gone — from us, from intermediaries, from everywhere except your suite.
Direct, peer-to-peer.
Where networks allow it, the connection goes straight between machines. A relay is a fallback, not a default — and never sees the content of the stream in plaintext.
Encrypted. Yours.
Up to 256-bit encryption end to end. On-prem deployment for facilities that need it. No inbound ports on your network — the workstation reaches out, your firewall stays closed.
Up to 256-bit, end to end.
Every leg of the connection is encrypted. The handshake is authenticated; the payload is sealed. Keys are negotiated between the participants — we don’t hold them.
- 01 AEAD ciphers (AES-GCM up to 256-bit, ChaCha20-Poly1305) for the data plane.
- 02 Mutual authentication on the signalling plane — TLS 1.3 only.
- 03 Forward secrecy on every session; keys rotate per session.
- 04 SRTP for media; DTLS-SRTP key exchange.


Nothing is kept. By design.
A VDO session is a live event between live people. There is no archive, no transcript, no “automatic backup” — because you didn’t ask for one.
- 01 The media plane is RAM-resident on the relay. Disk never touches it.
- 02 Session metadata (start/end timestamps, participant counts) is retained for billing and audit only.
- 03 Deletion is the default. Retention is an opt-in.
- 04 If you need recording, your suite records locally. We don’t.
Outbound only. Firewall closed.
The workstation reaches out; nothing reaches in. No port forwarding, no NAT punch-through that depends on inbound ACLs, no “please open these ranges” conversations with IT.
- 01 Outbound HTTPS / WebRTC over QUIC. UDP first; TCP fallback.
- 02 STUN/TURN on standard ports; no inbound rules required on your edge.
- 03 Direct P2P where the network allows it; relay only as a fallback.
- 04 Optional IP allow-listing; optional fixed-relay region pinning.

Your room. Your rules.
Some facilities can’t hand any part of the pipeline to a third party. For those, VDO ships as software you run yourself.
Run our relay on your metal.
The same software we run, on infrastructure you control. Same encryption, same protocols, no dependence on our cloud.
Air-gap if you need to.
For high-security workflows the platform can run entirely on your network with no outbound connections. We help with the build-out.
Pin the region.
Lock relays to a region or a single point of presence so the media plane never leaves a jurisdiction.
Logged, scoped, revocable.
Per-session and per-machine access, time-boxed where you want it. Revocation is immediate.