Enterprise-class security, data protection, and compliance

Fret not, your data is in safe hands!

Airmeet is trusted by over 2500 customers across the globe and our information security team takes the utmost care to protect customers’ data always. Airmeet believes in data integrity, confidentiality and we follow a zero tolerance policy against any breach or violation. We commit to deliver the best customer experience by following the best practices around data security, data protection, infrastructure and systems availability.

Airmeet is certified for ISO 27001:2013 security standards.

Airmeet audits its products, processes and vendors to continuously improve our information security. This is based on a systematic approach and the audit findings are reported directly to the ISSG. The Information Security team tracks and reports the remediation of the audit findings till its closure, if any.

Airmeet is SOC 2 Type 2 attested.

Airmeet has successfully implemented the SOC 2 Type 2 controls of Security, Availability, and Integrity of the process. A SOC 2 report attests the controls of a service organisation are appropriately designed and implemented. The trust principle controls include availability, confidentiality, security, privacy and integrity of the process. Please reach out to [email protected] if you would like to access the complete report.

Read about our company privacy policy here.

Airmeet’s Organizational and Technical Measures

Description of the technical and organisational security measures implemented by Airmeet:

Airmeet’s services are deployed on a virtual private cloud AWS platform which is highly secure, scalable and this ensures high availability of data. AWS takes strong measures to protect all its infrastructure. Neither any third party, nor AWS itself has the ability to access Airmeet’s infrastructure and data. AWS data centers are certified as ISO 27001, PCI DSS Service Provider Level 1, and or SOC 1 and 2 compliant. Learn more about Compliance at AWS. Currently, we have our data centers in India, Ireland, and United States.

Airmeet has a dedicated team to respond to all security related issues or alerts. 

Our network monitoring team operates 24/7 and constantly monitors any breach or security threat. Any security breach is immediately reported and our incident management procedure is followed for a quick resolution. 

Airmeet conducts Vulnerability Assessment and Penetration testing on its Application and Network from a third party. Reports are available based on request. We conduct VAPT on our infrastructure network and applications through a third party. Please find the recent VAPT certificates.

Airmeet has defined an incident management process to classify and handle any incidents and security breaches. The Information Security team is responsible for monitoring, reporting, tracking, resolving, and communicating incidents to appropriate parties in a timely manner.

Production builds are put through stringent functionality tests, performance tests, stability tests, and UX tests before the build is deployed. 

Version control and versioning is managed centrally for source code. Access is restricted based on various teams that are assigned to specific sprints. Records are maintained for code changes and code check-ins and check-outs. Check the certificate here.

Airmeet relies on Cloudflare and several services from AWS to thwart DDOS attacks. Airmeet uses Cloudflare CDN as well as AWS WAF to mitigate DDoS risks on all of its services.

Security regulations such as Incident Management, Access Control, Vendor Management, Change Management, Risk Management, Secure Software Development, Human Resource Security Procedures, Business Continuity Management, etc are implemented to ensure data protection and privacy. 

Airmeet never stores user passwords in plain text and they are encrypted using the following mechanism.

Encryption at rest: All data is encrypted at rest with AES 256 standard. Encryption keys are managed using FIPS 140-2 compliant Hardware Security Modules.

Encryption in transit: Airmeet uses the WebRTC standard for audio/video communication. All data transmitted via WebRTC is encrypted in transit using standard AES (Advanced Encryption Standard) encryption, the default cipher via SRTP (Secure Real-Time Transport Protocol). SRTP is the security extension for network protocol designed for multimedia telephony and DTLS (Datagram Transport Layer Security), which provides a secure communication protocol to prevent eavesdropping, modification, replaying, and other such security attacks on datagrams.

In addition to the above, Media streams are encrypted using aes-128-xts mode. [aes-256-xts, aes-128-ecb can also be supported based on configuration]

Airmeet uses HTTPS and WSS (SSL/TLS) protocols for all client-server communications.

  • Protocol: TLS 1.2 and above
  • For a list of Key Exchange algorithms & Ciphers supported, check  ELBSecurityPolicy-TLS-1-2-Ext-2018-06 by clicking here

Airmeet services are deployed in multiple data centers for high availability and are capable of scaling up automatically to handle the traffic.

Airmeet has a formal Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) defined and implemented to enable people and process support during any crisis or business interruptions. Airmeet maintains Disaster Recovery protocols in compliance with ISO 27001:2013. In the event of a major outage, the company has the ability to recover all data through backups and move services to a different DC/region to restore availability. We conduct periodic disaster recovery mock drills to improve our response practices. All production data is backed up on a daily basis and our systems allow for point-in-time recovery. Our services & data are replicated across multiple datacenters to maintain a highly available system.

Airmeet’s production environment is logically separated from all other environments and is thus isolated. Production data is never used in our test environments.

Airmeet maintains a repository of policies focused on information security. These policies are logically enforced and all employees of airmeet are made aware of them during orientation.

All Airmeet Global employees undergo a background and criminal check prior to employment.

All Airmeet India and Global employees are required to sign Employment Agreements that include Non-Disclosure and Confidentiality provisions.

The responsible disclosure of security vulnerabilities helps us ensure the security and privacy of all our users. Please reach out to [email protected] to report any bug, breach and to share any feedback and we will investigate accordingly.

Airmeet uses third-party sub processors to provide core infrastructure and services which support the application and allows us to provide the services to our users / customers.

For list of sub-contractors visit here.