Enterprise-class security, data protection, and compliance

Fret not, your data is in safe hands!

Airmeet is trusted by over 2500 customers across the globe and our information security team takes the utmost care to protect customers’ data always. Airmeet believes in data integrity, confidentiality and we follow a zero tolerance policy against any breach or violation. We commit to deliver the best customer experience by following the best practices around data security, data protection, infrastructure and systems availability.

Airmeet is certified for ISO 27001:2013 security standards.

Airmeet audits its products, processes and vendors to continuously improve our information security. This is based on a systematic approach and the audit findings are reported directly to the ISSG. The Information Security team tracks and reports the remediation of the audit findings till its closure, if any.

Read about our company privacy policy here.

Airmeet’s Organizational and Technical Measures

Description of the technical and organisational security measures implemented by Airmeet:

Airmeet’s services are deployed on a virtual private cloud AWS platform which is highly secure, scalable and this ensures high availability of data. AWS takes strong measures to protect all its infrastructure. Neither any third party, nor AWS itself has the ability to access Airmeet’s infrastructure and data. AWS data centers are certified as ISO 27001, PCI DSS Service Provider Level 1, and or SOC 1 and 2 compliant. Learn more about Compliance at AWS. Currently, we have our data center in India.

Airmeet has a dedicated team to respond to all security related issues or alerts. 

Our network monitoring team operates 24/7 and constantly monitors any breach or security threat. Any security breach is immediately reported and our incident management procedure is followed for a quick resolution. 

Airmeet conducts Vulnerability Assessment and Penetration testing on its Application and Network from a third party. Reports are available based on request. We conduct VAPT on our infrastructure network and applications through a third party. Please find the recent network and application VAPT certificates.

Airmeet has defined an incident management process to classify and handle any incidents and security breaches. The Information Security team is responsible for monitoring, reporting, tracking, resolving, and communicating incidents to appropriate parties in a timely manner.

Production builds are put through stringent functionality tests, performance tests, stability tests, and UX tests before the build is deployed. 

Version control and versioning is managed centrally for source code. Access is restricted based on various teams that are assigned to specific sprints. Records are maintained for code changes and code check-ins and check-outs. Check the certificate here

Airmeet relies on Cloudflare and several services from AWS to thwart DDOS attacks. Airmeet uses Cloudflare CDN as well as AWS WAF to mitigate DDoS risks on all of its services.

Security regulations such as Incident Management, Access Control, Vendor Management, Change Management, Risk Management, Secure Software Development, Human Resource Security Procedures, Business Continuity Management, etc are implemented to ensure data protection and privacy. 

Airmeet never stores user passwords in plain text and they are encrypted using the following mechanism.

Encryption at rest: All data is encrypted at rest with AES 256 standard. Encryption keys are managed using FIPS 140-2 compliant Hardware Security Modules.

Encryption in transit: Airmeet uses the WebRTC standard for audio/video communication. All data transmitted via WebRTC is encrypted in transit using standard AES (Advanced Encryption Standard) encryption, the default cipher via SRTP (Secure Real-Time Transport Protocol). SRTP is the security extension for network protocol designed for multimedia telephony and DTLS (Datagram Transport Layer Security), which provides a secure communication protocol to prevent eavesdropping, modification, replaying, and other such security attacks on datagrams.

In addition to the above, Media streams are encrypted using aes-128-xts mode. [aes-256-xts, aes-128-ecb can also be supported based on configuration]

Airmeet uses HTTPS and WSS (SSL/TLS) protocols for all client-server communications.

  • Protocol: TLS 1.2 and above
  • For a list of Key Exchange algorithms & Ciphers supported, check  ELBSecurityPolicy-TLS-1-2-Ext-2018-06 by clicking here

Airmeet services are deployed in multiple data centers for high availability and are capable of scaling up automatically to handle the traffic.

Airmeet has a formal Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) defined and implemented to enable people and process support during any crisis or business interruptions. Airmeet maintains Disaster Recovery protocols in compliance with ISO 27001:2013. In the event of a major outage, the company has the ability to recover all data through backups and move services to a different DC/region to restore availability. We conduct periodic disaster recovery mock drills to improve our response practices. All production data is backed up on a daily basis and our systems allow for point-in-time recovery. Our services & data are replicated across multiple datacenters to maintain a highly available system.

Airmeet’s production environment is logically separated from all other environments and is thus isolated. Production data is never used in our test environments.

Airmeet maintains a repository of policies focused on information security. These policies are logically enforced and all employees of airmeet are made aware of them during orientation.

All Airmeet Global employees undergo a background and criminal check prior to employment.

All Airmeet India and Global employees are required to sign Employment Agreements that include Non-Disclosure and Confidentiality provisions.

The responsible disclosure of security vulnerabilities helps us ensure the security and privacy of all our users. Please reach out to [email protected] to report any bug, breach and to share any feedback and we will investigate accordingly.

Airmeet uses third-party sub processors to provide core infrastructure and services which support the application and allows us to provide the services to our users / customers.

A list of sub-contractors can be found below:

  • Agora.io – Video, voice and live interactive streaming platform
  • Amazon Web Services – Cloud-based infrastructure, compute & data storage services
  • AWS Cloudfront – Provides content delivery network service
  • ChargeBee – Subscription Management 
  • CloudFlare – Provides content delivery network and internet security services.
  • Google – Internal Collaboration and Storage
  • Google Analytics – Google Analytics provides data concerning site visitors and activity at the website
  • Google Firebase – Google’s application development platform
  • Hubspot – Organizer Sales CRM Tool
  • MUX – Session recording service, A/V Ingestion, Transcoding & Distribution
  • Newrelic – Applications & Infrastructure monitoring tool
  • Slack – Internal Communication
  • Stripe – Payment Processing
  • Symbl – Closed Captions
  • WorkOS – Single Sign-on