🎉 Confrere is joining Daily! Learn more
Menu icon
Go to daily.co homepage
Developers
Start hereGuidesReference docsChangelogTutorialsGitHubSupport
Product
Client SDKDaily PrebuiltLive StreamingAudio-onlyHIPAA
Use Cases
CustomersEventsFuture of WorkFitnessEducation
Pricing
Company
About usBlogCustomersStartup ProgramSecurity CenterJobsTalk to usDeveloper support
Log inTalk to usJoin free
DevelopersClient SDKDaily PrebuiltLive StreamingAudio-onlyHIPAAUse CasesPricingTalk to usLog inSign up
Security & Compliance
Data Processing Addendum
Secure Infrastructure
Security Controls
Secure Calls
Data Protection
GDPR Compliance
Related links
  • HIPAA compliance
  • Privacy Shield
  • Our privacy policy
Back to security

Secure Calls

Daily.co video calls are encrypted and secure.

Media encryption and communication security

We built our video call APIs on top of the WebRTC standard, which mandates encryption on all communication channels.

Audio, video, and screen-sharing media

In Daily.co video calls, all audio, video, and screen sharing media are transmitted encrypted using the Secure Real-time Transport Protocol (SRTP). We rely on the SRTP implementation in each web browser for key exchange and encryption of the media streams.

Peer-to-Peer

For calls with four or fewer participants, we establish peer-to-peer connections for all participants in the call. All media is encrypted end-to-end.

In some cases, direct peer-to-peer connections are blocked by network firewalls, and we have to relay peer-to-peer connections through TURN servers. The TURN standard is defined in IETF RFC 5766, and is also part of the WebRTC standard. TURN servers are media relay servers only — there is no processing or storage of media. TURN servers do not and cannot decrypt the media that they relay.

Cloud-connected

For calls with more than four participants, we connect clients to one of our Selective Forwarding Unit (SFU) servers in a star topology. Media is encrypted to and from the SFUs. On the SFU, media must be decrypted and re-encrypted for each client, so these calls are not end-to-end encrypted. However, our server code is written so that this decryption and re-encryption happens in memory, and at the application layer we never have access to unencrypted media.

WebRTC data channels

Some call metadata, and application-level messages generated by the Daily.co sendAppMessage() API call, are transmitted through WebRTC data channels. Data channels are encrypted using Datagram Transport Layer Security (DTLS).

Data channel encryption works the same way as media encryption, described above.

Web application & signaling data

The components of the Daily.co web application are downloaded from our web servers. We allow only encrypted connections to our web servers (we support only HTTPS, not HTTP). Our application web servers all run in the AWS and use Amazon-provided TLS certificates.

To set up and manage video calls, we use a combination of HTTPS and WSS data connections to our signaling servers. Again, these servers support only encrypted connections, run on the AWS cloud, and use TLS certificates that are either generated by Amazon or generated by the letsencrypt.org tools and rotated every 90 days.

Built worldwide
Follow Daily on TwitterFollow Daily on LinkedIn
Product
Client SDKDaily Prebuilt Live StreamingAudio-only HIPAAIntercom app
Developers
Start hereGuidesReference docsChangelogTutorialsGitHubSupport
Resources
PricingCustomersStartup Program
Company
About us
Jobs
hiring!
BlogTalk to us
 
 
 
Security & Privacy
Security centerPrivacy policyTerms of serviceCookie policy