Instant Agenda security involves four key factors discussed in this article:
- Meeting Access
- Data Encryption and Storage
- Code and Hosting/Server Security
- Our Policies Regarding Your Data
All Instant Agenda meetings have a unique URL based on a 120 bit generated ID. This ensures that meeting addresses are effectively unguessable. You share that unique ID with anyone you want to join your meetings.
Anyone you share the unique meeting link with will have access to your meeting and its history. This level of security is enough for most people. But if you are holding secret HR-related or leadership meetings, you may want more control.
Paid Organization and Enterprise accounts have access to additional security options.
These work similarly to a "Google Docs" sharing model and include options to share the meeting with:
- Anyone who has the link
- Members of my organization
- Only the individuals I specify.
Even if you are a single user, you may wish to switch to an Organization account. This process is quick and easy, and doesn't cost anything additional. Just contact us through the app, or send an email request.
An Organization or Enterprise account also allows you to actively manage the members of your organization. You can promote users to Moderator status, or remove access entirely (e.g., if someone leaves the company). We strongly recommend that companies adopt either an Organization or Enterprise account to control their own access.
Data Encryption and Storage
Instant Agenda is a cloud-hosted software-as-a-service application. That means that data you enter into the application is sent across the web to our server/database. It is important to us that this transaction is secure.
All data transmissions from your browser are HTTPS encrypted to ensure security during transit. Further, all data is encrypted in our database "at rest". The only way to access the data directly is to sign into the Google Firebase (database hosting) as an authorized Instant Agenda developer. We restrict this access to a small number of our engineers who require it to work on the application. Nobody else (IT, Support, Product, etc.) has the ability to access this data.
Code and Hosting/Server Security
The security of our code and hosting are extremely important to us.
Our main application (that is: your data) is hosted on Google Firebase. We believe that this Google infrastructure is highly secure with one of the biggest names in the industry to stand behind it. None of your data is hosted on our own servers in some no-name hosting facility with questionable practices and infrastructure.
Another point of security concern is our code. In theory, flaws in our code (or 3rd party libraries we use) could be exploited to gain access to data. We take this concern very seriously. We use Veracode to perform static analysis of our code and our 3rd party libraries. We also use Veracode to perform penetration testing of our service.
Our Policies Regarding Your Data
Our policy regarding your data is spelled out in detail in our terms and conditions:
Section 4 describes Customer Data. Essentially: you own the data, and we will not do anything with it. We do not mine it, share it or otherwise distribute it.
If you have additional concerns about security, please contact us at: firstname.lastname@example.org.