All you need to know about XMReality and data security
Remote support has become more important than ever in today's business environment. It allows you to provide the necessary assistance to your customers without sending a technician on-site. You can resolve customers' issues quickly while increasing cost-efficiency, customer satisfaction, and profitability.
However, like with so many other means of communication, you want to ensure your data is secure when using the service. Therefore we have gathered some of the most common questions that we receive on data security when using XMReality.
Where is the data stored?
The XMReality service is hosted by Amazon Web Services, AWS, in Ireland. This is an on-demand cloud computing platform that, among other things, hosts our data instead of us needing to have the server capacity ourselves. AWS is one of the most extensive global cloud infrastructures with security standards that meet the high demands of the military, international banks, and other high-sensitivity organizations. So we can assure you that the data is stored safely!
What data is stored?
We only store usage data besides the information provided when you set up your account. With usage data, we mean the call logs where we can see that a certain user placed a call and to whom the call was made. As a user, this is the same info you can access if you go into your “History” section inside your XMReality account. Or, if you don’t have an account, you can instead imagine how your regular call history looks on your mobile phone. Here you can see whom you called, when, and how long the call lasted.
No data from the actual remote guidance call is stored on our servers. So no information on what is being said or filmed is stored by XMReality - the same way as a normal phone call works.
Is the call encrypted?
Yes, the calls are end-to-end encrypted (E2E). This method prevents third parties from accessing data while it’s being transferred from one end of the system to the other. This means that the device that sends information encrypts the sent data, and only the other recipient’s device can decrypt it. So a third party cannot decrypt the sent data; this also includes XMReality, even if we provide the service.
This works slightly differently if you are in a multi-party call, which is a possibility with our solution. Instead of the encryption between one sender and one recipient, it’s between the participants and the conference server hosting the call. So the communication is still fully encrypted while traveling, but the communication is temporarily decrypted within the conference server to know what to send to the other participants.
If I record a session or take an image, where is that stored?
This will be stored locally on the device that you are using. If you use a mobile phone for the call and take an image during the call or record part of it, it will be saved in your camera roll - just like when you use the normal camera function to take an image or record a video.
If you use remote guidance on your laptop, the saving place will be an XMReality folder created in your Documents folder when you install the software. However, you can also manually change where you want the images saved.
Is the security comparable with a video conference call?
If you compare the security of XMReality with a regular video conference call, the security is many times higher. This since all XMReality calls are end-to-end encrypted. A few video conferencing solutions have also started to have end-to-end encryption, but at times this needs to be manually turned on by the user and is different from the default. So using XMReality is just as safe, or safer, than using a video conference service.
Is the solution GDPR compliant?
The short answer to this question is Yes. But let’s dig a bit deeper into why that is so. GDPR, short for General Data Protection Regulation, has been in place since 2018 and is a law on data protection and privacy in the European Union and the European Economic Area. It’s quite extensive, and the parts of it that are most related to using our remote guidance service are the parts that concern the storage of personal data.
First of all, the service (in this case XMReality) should make sure that, as a user, your personal data is safely stored and can’t be accessed by anyone who shouldn’t have it. We hope the previous questions have clarified - your data is safely stored and can’t be accessed by any third parties.
Secondly, the service should only collect data on you, which is needed to provide you with the service requested, using XMReality efficiently. For this reason, we only collect information needed to set up your account and support associated administration - both ours at XMReality and your account administration.
The data stored by XMReality, which you have read about above, include your call history. In this case, we can see if you have contacted other users (who have already consented to us accessing their data). You might sometimes call a non-XMReality user by sharing a call link with them. In this case, the data we store is that you have made a call using web links but no data on whom you connected with. So XMReality doesn’t store any information on this person who is not an official user of our service.