When using any communication service, you want to ensure your data is secure - especially if you use it to conduct business. At XMReality, we assure you that your data is safe when you use our software. Being ISO 27001 certified, we take deliberate measures to protect our service and the information you share in an XMReality call.
Where is the data stored?
The XMReality service is hosted on Amazon Web Services (AWS), an on-demand cloud computing platform. AWS is one of the most extensive global cloud infrastructures with security standards that meet the high demands of the military, international banks, and other high-sensitivity organizations.
When using XMReality Managed Cloud Storage, your images, video recordings, notes, and transcripts are stored centrally on this secure infrastructure. This ensures seamless access to your documentation whenever you need it. We also support storing your call data on your organization’s own Microsoft OneDrive or locally on the device itself. In those specific configurations, the visual data resides on those respective platforms rather than XMReality’s infrastructure.
What data is stored?
We store the data necessary to provide a seamless experience, manage your account, and maintain history. This includes user information, contact lists, call logs, and step-by-step instructions.
Regarding visual data (images and video recordings), how they are stored depends on your setup:
- When using XMReality's managed cloud storage: Notes, transcripts, images and recordings are stored on XMReality managed infrastructure. This ensures that your documentation is saved automatically and is available forever, or until you decide to delete it.
- Alternative Storage Options: Your organization may choose to store visual assets on Microsoft OneDrive or strictly on local device storage.
Regardless of the storage location, call notes and transcripts are always stored on XMReality managed infrastructure to ensure they are accessible in your call history.
Is the data encrypted?
Security is our top priority, covering both the live call and the stored data.
Live Calls: Calls are end-to-end encrypted (E2E). This method prevents third parties from accessing audio and video while they are being transferred from one call participant to another. The sending device encrypts the data, and only the receiving participant’s device can decrypt it. As a result, a third party cannot decrypt and read the sent information. XMReality also cannot decrypt the audio, video and data sent in a call, even though we provide the call service.
Note on multi-party calls: In calls with more than two participants, communication is encrypted between each participant and the XMReality conference server. The data is temporarily decrypted inside the secure conference server solely to distribute the stream to other participants, and is never stored during this process.
Stored Data: Any data stored on XMReality infrastructure, including notes, transcripts, images and video recordings, is encrypted in transit and at rest. This means your files are protected by robust encryption standards while moving to the cloud and while stored on our servers. Additionally, images are processed securely to generate smaller variants (thumbnails) for faster loading within the app.
Is the security comparable with a video conference call?
XMReality offers a higher standard of security than most typical video conferencing setups. While standard conferencing tools often decrypt data at the server level to process the stream, XMReality peer-to-peer calls are end-to-end encrypted by default. Although some video conferencing solutions now offer end-to-end encryption as an option, it often comes with significant compatibility limitations across devices. XMReality incorporates this advanced security natively, ensuring a robust and secure environment for your calls.
Is the solution GDPR compliant?
Yes. XMReality is fully compliant with the General Data Protection Regulation (GDPR). Our compliance strategy focuses primarily on two key pillars relevant to remote guidance: secure storage and data minimization.
Secure Storage: We ensure that your personal data is protected against unauthorized access. As detailed in the sections above, your data is encrypted and isolated, ensuring it cannot be accessed by third parties.
Data Minimization: We only collect the data strictly necessary to provide our service, such as account setup details and support administration. For example, we retain call logs to help you track history and usage. Regarding external users (guest participants), we do not harvest their data; we only store information that you manually enter into the system, such as the name of a call link recipient.
