Data Protection

Audio, video, and screen-sharing media

We never store any audio, video, or screen-sharing data from any call other than through our documented recording APIs, which are entirely under the control of your developers. A call can be recorded only when:

  • The enable_recording property is set for the room for the call. Recording is disabled by default for rooms created with the REST API.
  • A user joins with the enable_recording property set on a meeting token.

If recording is enabled for a room, a recording will only start if:

  • The Prebuilt user interface is used and a user who has recording privileges for the room clicks on the recording button in the UI
  • The start_cloud_recording property is set on a meeting token, or when a recording is started via the REST API /rooms endpoint
  • The daily-js front-end library startRecording() method is called

Application-level messages

We do not log or store any data passed through our infrastructure via the sendAppMessage() API call.

Access logs and personally identifying information

The only personally identifying information we store is:

  • The client IP address, in front-end server HTTPS access and error logs
  • The client user_name only if a developer supplies this via the daily-js front-end library
  • The client user_id only if a developer supplies this via the daily-js front-end library

Logs are stored in the AWS cloud. No log data is stored longer than necessary to perform analytics to improve service quality.

Access controls

Your information is stored only in the production environment. Since your information is private and confidential, we have strict controls that limit access to the production environment to individuals that need to perform tasks to keep up and running. All access requires 2FA and is logged using AWS IAM. Read more about our security controls.

Never miss an update

Subscribe to our monthly newsletter and we'll keep you up-to-date with the latest product releases, tutorials, and more.