Security at LiveSession

LiveSession provides encryption, security, and stability for all of our customers’ data. We always handle the data only within the scope permitted by the relevant regulation and by our customers.

Infrastructure and data security

Infrastructure

LiveSession uses Google Cloud Platform (GCP) as an infrastructure provider, which is ISO/IEC 27001 and SOC 1 certified. You can read more about GCP compliance here.

Data location

The data is stored in the United States (Iowa) datacenter on GCP infrastructure.

Backups and monitoring

We ship logs to Google Stackdriver for analysis and use Google Storage to store backups. We use automatic, daily incremental backups encrypted with cryptographic keys to assure security and safety.

Stability

Our technical team is constantly monitoring LiveSession systems’ efficacy to catch all performance, availability and integrity issues using internal and third-party systems to provide the best experience for our customers. All incidents in the last 60 days are listed on our status page.

We always ensure our development efforts follow industry-standard guidelines/best practices.

Network access

Only authorized engineers have access to the infrastructure. Specific private keys are required for individual servers, and keys are stored in a secure and encrypted location. We use access control lists (ACLs) that prevent unauthorized requests from reaching our internal network.

Physical security

Since we use GCP, LiveSession team members do not have physical access to Google data centers, servers, network equipment, or storage. Google data centers feature a layered security model, including extensive safeguards such as:

  • Custom-designed electronic access cards
  • Alarms
  • Vehicle access barriers
  • Perimeter fencing
  • Metal detectors
  • Biometrics

According to the Google Security Whitepaper: “The data center floor features laser beam intrusion detection. Data centers are monitored 24/7 by high-resolution interior and exterior cameras that can detect and track intruders. Access logs, activity records, and camera footage are reviewed in case an incident occurs. Data centers are also routinely patrolled by professional security guards who have undergone rigorous background checks and training.”

Application security

Encryption

All data sent to or from LiveSession is encrypted in transit using 256-bit encryption. Our API and application endpoints are TLS/SSL only. We also encrypt data at rest using the AES-256 encryption algorithm.

Permissions

Role levels can be set within the app for organization teammates. Different roles allow access to billing, invoices, inviting account members or exporting data.

Single Sign-on

LiveSession currently offers external Single Sign-on (SSO) via Google Apps for Work.

Credentials storage

All passwords are hashed with the bcrypt password-hashing algorithm and stored in a secure way.

Customer data security

End user security

LiveSession protects user privacy by default. Sensitive data in forms (e.g. passwords and credit card details) is always anonymized in the recordings. It’s possible to anonymize static content as well, such as surnames and other personal information. Sensitive images (e.g. user personal photos) can be masked to provide a fully anonymized experience. Also, we don’t store or display the IP addresses of recorded users.

Data retention

LiveSession retains collected data based on the chosen plan's retention. We offer 30, 90, 180 or 365 days of retention. The data is automatically deleted after it passes the retention time.

Third parties

We believe in our responsibility to protect privacy and security. We will never sell our customers’ data to third parties or share it with them.

Working security

Office security

The company's headquarters is equipped with an alarm and burglar-proof roller blinds. Documents and data carriers are stored in a locked room and cabinets.

Access restrictions

Access to our internal customer management system is restricted to staff members who sign in through Google SSO with 2FA enabled. Staff members have access only to data related to their projects and responsibilities. The offboarding process includes access revocation to all of our systems.

Confidentiality

All employee contracts include a confidentiality agreement.

Policies

LiveSession has a comprehensive set of security policies covering a range of topics. These policies are shared with all employees in our internal knowledge base.

Other

PCI Compliance

LiveSession uses Braintree (a PayPal company) as a payment gateway. Details about their security setup and PCI compliance can be found at Braintree’s security page.

Security Self Assessment Questionnaire (CAIQ-Lite)

We use the Consensus Assessments Initiative Questionnaire Lite (CAIQ-Lite) from the Cloud Security Alliance to provide security control transparency. Please contact our support team to obtain the document.