LiveSession provides encryption, security, and stability for all of the customers’ data. We always handle the data only in a scope permitted by the relevant regulation and by our customers.
LiveSession is using Google Cloud Platform (GCP) as an infrastructure provider, which is ISO/IEC 27001 and S0C1 certified. You can read more about GCP compliance here.
The data is stored in the United States (Iowa) datacenter on GCP infrastructure.
We ship logs to Google Stackdriver for analysis and use Google Storage as a storage for backups. We use automatic, daily incremental backups encrypted with cryptographic keys to assure security and safety.
Our technical team is constantly monitoring LiveSession systems’ efficacy to catch all performance, availability and integrity issues using internal and third-party systems to provide the best experience for our customers. All incidents in the last 60 days are listed on our status page.
We always ensure our development efforts follow industry-standard guidelines/best practices.
Only authorized engineers have access to the infrastructure. Specific private keys are required for individual servers, and keys are stored in a secure and encrypted location. We use control lists (ACLs) that prevent unauthorized requests getting to our internal network.
Since we use GCP, LiveSession team members do not have physical access to Google data centers, servers, network equipment, or storage. Google data centers feature a layered security model, including extensive safeguards such as:
According to the Google Security Whitepaper: “The data center floor features laser beam intrusion detection. Data centers are monitored 24/7 by high-resolution interior and exterior cameras that can detect and track intruders. Access logs, activity records, and camera footage are reviewed in case an incident occurs. Data centers are also routinely patrolled by professional security guards who have undergone rigorous background checks and training.”
All data sent to or from LiveSession is encrypted in transit using 256 bit encryption. Our API and application endpoints are TLS/SSL only. We also encrypt data at rest using an AES-256 encryption algorithm.
We enable roles levels within the app to be set for organization teammates. Different roles allow access to billing, invoices, inviting account members or exporting data.
LiveSession currently offers external Single Sign-on (SSO) via Google Apps for Work.
All passwords are hashed with a bcrypt encryption algorithm and stored in a secure way.
LiveSession protects user privacy by default. Sensitive data in forms (e.g. passwords and credit card details) is always anonymized in the recordings. It’s possible to anonymize static content as well, such as surnames and other personal information. Sensitive images (e.g. user personal photos) can be masked to provide a fully anonymized experience. Also, we don’t store or display the IP addresses of recorded users.
LiveSession retains collected data based on the chosen plan's retention. We offer 30, 90, 180 or 365 days of retention. The data is automatically deleted after it passes the retention time.
We believe in our responsibility to protect privacy and security. We will never sell or share any of our customer’s data to third parties.
The company's headquarters is equipped with an alarm, burglar-proof roller blinds. Documents and data carriers are stored in a locked room and cabinets.
Access to our internal customers management system is restricted to our staff members with Google SSO authorization with 2FA enabled. Staff members have access only to data related to their projects and responsibilities. The offboarding process includes access revocation to all of our systems.
All employee contracts include a confidentiality agreement.
LiveSession has a comprehensive set of security policies covering a range of topics. These policies are shared with all employees in our internal knowledge base.
LiveSession uses Braintree (a PayPal company) as a payment gateway. Details about their security setup and PCI compliance can be found at Braintree’s security page.
We use the Consensus Assessments Initiative Questionnaire Lite (CAIQ-Lite) from the Cloud Security Alliance to provide security control transparency. Please reach our support to obtain the document.