When using any communication service, you want to ensure your data is secure - especially if you use it to conduct business. At XMReality, we assure you that your data is safe when you use our remote visual assistance solution. Being ISO 27001 certified, we take deliberate measures to protect our service and the information you share in an XMReality call.
Remote visual assistance has become more important than ever in today's business environment. It allows you to provide the necessary assistance to your customers without sending a technician on-site. You can resolve customers' issues quickly while increasing cost-efficiency, customer satisfaction, and profitability.
However, like with so many other means of communication, you want to ensure your data is secure when using the service. Therefore we have gathered some of the most common questions that we receive on data security when using XMReality.
The XMReality service is hosted on Amazon Web Services (AWS), an on-demand cloud computing platform. AWS is one of the most extensive global cloud infrastructures with security standards that meet the high demands of the military, international banks, and other high-sensitivity organizations. So we can assure you that the data is stored safely!
The only data we store is what is needed for you to sign in, make calls, access history, and follow usage. No visual data from your remote sessions are stored on our servers. So no information on what is being said, shown or recorded during a call is stored by XMReality. If you enable cloud storage for images and recordings, those are stored on your organization’s own Microsoft OneDrive, cloud storage that you own and operate, and that follows your own data security and retention policies.
Examples of data stored on XMReality infrastructure include user information and details, your contact list, your call logs and your step-by-step instructions.
Yes, calls are end-to-end encrypted (E2E). This method prevents third parties from accessing audio, video and data while transferring it from one call participant to another. This means that the device that sends information encrypts the sent data, and only the other participant’s device can decrypt it. So a third party cannot decrypt and read the sent information. Also, XMReality cannot decrypt the sent audio, video and data in a call, even though we provide the call service.
This works slightly differently if you are in a multi-party call. Instead of encrypting audio, video and data end-to-end between the sender and the recipient, the call is encrypted between each participant and the XMReality conference server hosting the call. So the communication is still fully encrypted while traversing the open internet, but the communication is temporarily decrypted inside the conference server to know what to send to the other participants. Future standardization work on end-to-end encryption in group calls is in the making, which will enable end-to-end encryption for multi-party calls in a standardized way that works across all devices and browsers.
If you compare the security of XMReality with a regular video conference call, our security is many times higher as XMReality calls are end-to-end encrypted. A few video conferencing solutions have also started implementing end-to-end encryption, but with limited device and software support, making it impossible to use in many use cases. So using XMReality is as safe and often safer than a video conferencing service.
The short answer is Yes. GDPR, short for General Data Protection Regulation, has been in place since 2018 and is a law on data protection and privacy in the European Union and the European Economic Area. It’s quite extensive, and the parts that are primarily relevant to remote guidance are the parts that concern storage and handling of personal data.
First, the service (in this case XMReality) should ensure that your personal data is safely stored and can’t be accessed by anyone who shouldn’t have access to it. As described above, with XMReality your data is safely stored and can’t be accessed by any third parties.
Secondly, the service should only collect data needed to provide you with the requested service. For this reason, we only collect and store information needed to set up your account and support administration. Examples include, as described above, your call history. From this, we can see if you have contacted other users or sent external call links. The only data we ever store about external users is the data you manually enter into our system, for example, the name of the call link recipient.