Security and Privacy

This page describes the technical and organizational security measures implemented by SpatialChat. These security measures may be updated from time to time to provide the best user experience.

Any such updates and modifications do not result in the degradation of the overall SpatialChat services.

Security

This article outlines the fundamental security measures implemented in SpatialChat.

Data centers

SpatialChat stores its data in physically secure data centers in the Republic of Ireland. We use Amazon Web Services servers located in Dublin.

Amazon Web Services data centers have all relevant best practice compliance certificates.

Learn more about compliance at AWS

Office security

SpatialChat is a Cyprus-based company with HQ in Limassol.

Access to all office spaces is regulated by an access control system, and only employees and visitors who have registered or have temporary access cards are allowed to enter. Company policy requires that all visitors be accompanied by responsible employees.

HR Security

Our employees and contractors are required to sign a non-disclosure agreement before starting work.

We provide security awareness training for all new employees, as well as annually for all employees. Training is carried out through an electronic platform and through materials and posters displayed throughout our offices.

We provide training for our product developers following OWASP best practices for secure programming.

Operational Security

All our data is encrypted in transit and at rest. Our services are hosted with AWS to ensure the highest standards of security and reliability. TLS 1.2 is used for data in transit; data at rest is encrypted with AES-256.

We give access to our systems on a ‘need to know’ basis. An access review is performed twice a year.

Application Security

We comply with modern industry standards regarding application security. Our production and development environments and networks are isolated. We perform code reviews, penetration testing, and automated code analysis.

Privacy

SpatialChat conducts due diligence before onboarding its contractors/vendors/employees. We maintain contractual relationships with all of our vendors. If personal data is processed and/or transferred via a vendor located on US soil, we use a Data Processing Agreement (DPA) with Standard Contractual Clauses (SCCs).

In our daily activities with personal data, we use all reasonable and appropriate technical and organizational measures to adhere to applicable privacy laws. To protect personal data, we have enacted the following internal and external policies: General Data Protection Policy, Privacy Policy, Subject Access Request policy, employee procedures for handling subject access requests, data breach procedures, and other documents, including those that may be required by applicable legislation. Personal data is treated as confidential throughout processing.

We do not store personal data for longer than is required for the initial purpose of its collection. However, we may retain anonymized data for statistical and analytical purposes. Certain personal data is retained to the extent required and/or permitted by law to protect our legal interests.

Incident management

SpatialChat has designed its infrastructure to log information about the system behavior, traffic received, system authentication, and other application requests. Internal systems aggregate log data and alert appropriate employees of malicious, unintended, or anomalous activities. SpatialChat personnel, including security, are responsive to known incidents.

SpatialChat maintains a record of known security incidents that includes description, dates and times of relevant activities, and incident disposition. Suspected and confirmed security incidents are investigated by security, operations, and support personnel; and appropriate resolution steps are identified and documented. For any confirmed incidents, SpatialChat takes appropriate steps to minimize user damage and unauthorized disclosure and to prevent future incidents.

If SpatialChat becomes aware of unlawful access to data stored within its services, we notify the affected users of the incident, provide a description of the steps that are being taken to resolve the incident and provide status updates to the user, as necessary.

Data Processing Agreement

If you wish to sign a DPA with us, you can find the document, pre-signed on our side, below:

Compliance and Encryption

To ensure the utmost security and privacy for our users, the SpatialChat platform is GDPR compliant and employs AES 256-bit encryption for video calls. Here's how these measures provide robust protection.

General Data Protection Regulation (GDPR) Compliance

This indicates that the service adheres to the stringent privacy and data protection laws set forth by the European Union. GDPR compliance ensures that user data is handled responsibly, with transparency, and with the consent of the individuals. It involves several key aspects:

    • Data Privacy and Security: Ensuring that personal data of users is processed securely, kept confidential, and is not accessed unlawfully.
    • User Consent: Users have control over their data, including the right to access, correct, delete, or transfer their data.
    • Data Breach Protocols: In case of a data breach, the platform has procedures in place to detect, report, and investigate the breach.
    • International Data Transfers: Safeguards are in place for transferring data outside the EU.

AES 256-bit Encryption for Video Calls

This refers to the Advanced Encryption Standard with a 256-bit key, which is a symmetric encryption algorithm widely recognized for its strength and security. Using this for video calls on the SpatialChat platform implies:

    • High-Level Security: It's currently one of the strongest encryption standards available, used by governments and security experts worldwide.
    • Data Protection During Transmission: The encryption protects the video calls from being intercepted or accessed by unauthorized parties.
    • Integrity and Confidentiality: Ensures that the content of the communication is not tampered with and remains confidential.

Together, these features provide a comprehensive security framework for the SpatialChat platform, ensuring that user data is not only handled in compliance with legal standards but is also protected with one of the strongest encryption technologies during communication. This combination of legal compliance and technological security measures positions SpatialChat as a reliable and secure platform for digital communication.