What You Need to Know About Remote Guidance and Data Security
Remote support has become more important than ever in today's business environment. It allows you to provide the necessary assistance to your customers without sending a technician on-site. You can resolve customers' issues quickly while increasing cost-efficiency, customer satisfaction, and profitability.
However, like with so many other means of communication these days you want to be sure that your data is secure when using the service. Therefore we have gathered some of the most common questions that we receive on data security when using XMReality Remote Guidance.
Where is the data stored?
The XMReality Remote Guidance service is hosted by Amazon Web Services, AWS, in Ireland. This is an on-demand cloud computing platform, that among other things hosts our data instead of us needing to have the server capacity ourselves. AWS is one of the most extensive global cloud infrastructures with security standards that lives up to the high demands of military, global banks and other high-sensitivity organizations. So we can assure you that the data is stored in a safe place! If you want to read more about AWS you can do so here.
What data is stored?
Apart from the information provided when you set up your account we only store usage data and chat logs. With usage data we mean the call logs where we can see that a call was placed by a certain user and to whom the call was made. This is basically the same info as you as a user can access if you go into your “History” section inside your XMReality account. Or if you don’t have an account, you can instead imagine how your regular call history looks on your mobile phone. Here you can see who you called, at what time and how long the call lasted.
No data from the actual remote guidance call is stored. So no information on what is being said or filmed is stored by XMReality - basically the same way as a normal phone call works.
Is the call encrypted?
Yes, the calls are end-to-end encrypted (E2E). This is a method which prevents third-parties from accessing data while it’s being transferred from one end of the system to the other. This means that the device that sends information encrypts the data which is sent and only the other recipient’s device can decrypt it. So a third party is not able to decrypt the data which is being sent, this also includes XMReality even if we are providing the service.
This works slightly differently if you are in a multi-party call, which is a possibility with our solution. Instead of the encryption being between one sender and one recipient it’s between the participants and the conference server which is hosting the call.
If I record a session or take an image, where is that stored?
This will be stored locally on the device that you are using. If you use a mobile phone for the call and take an image during the call, or record part of it, it will be saved in your camera roll - just like when you use the normal camera function to take an image or record a video.
If you use remote guidance on your laptop the place for saving will by default be a XMReality folder which will be created in your Documents folder when you install the software. However you can also manually change where you want the images to be saved.
Is the security comparable with a video conference call?
If you compare the security of XMReality Remote Guidance with a regular video conference call the security is many times actually higher. This since all remote guidance calls are end-to-end encrypted. A few video conferencing solutions have now started to also have end-to-end encryption, but at times this needs to be manually turned on by the user and is not the default. So using remote guidance is just as safe, or safer, than using a video conference service.
Is the solution GDPR compliant?
The short answer to this question is Yes. But let’s dig a bit deeper into why that is so. GDPR, short for General Data Protection Regulation, has been in place since 2018 and is a law on data protection and privacy in the European Union and the European Economic Area. It’s quite extensive and the parts of it that are most related to using our remote guidance service are the parts that concern the storage of personal data.
First of all, the service (in this case XMReality Remote Guidance) should make sure that as a user, your personal data is safely stored and can’t be accessed by anyone who shouldn’t have it. Which we hope that the previous questions have made clear - your data is safely stored and can’t be accessed by any third parties.
Secondly, the service should only collect data on you which is actually needed to efficiently provide you with the service requested; using Remote Guidance. For this reason we only collect information needed to set up your account and support associated administration - both ours at XMReality and your own administration of the account.
The data stored by XMReality, which you have read about above, includes your call history. In this case we can see if you have contacted other users (which have already given their consent to us for accessing their data). In some cases you might call a non-XMReality user by sharing a call link with them. In this case the data we store is that you have made a call using web links, but no data on who you actually connected with. So XMReality doesn’t store any information on this person who is not an official user of our service.