Your security and privacy is important to us

Your data and calls are private and protected. We accomplish this by integrating security practices across our infrastructure, vendors, employee operations, and internal policies.

Industry-standard compliance



We’ve built one of the strongest compliant implementations of HIPAA within our services. We take the responsibility of compliant integration away from our customers to ensure smooth integration.

Learn more

SOC2 Type II

SOC2 Type II

We comply with the Service Organization Controls Trust Services Criteria set by the AICPA. 100ms has a SOC 2 Type II attestation for Security, Confidentiality, and Availability. The audit report is available on request, under an NDA.

Learn more

Built with security as priority

100ms is engineered to be secure from the ground up. We’ve taken extra care in every server we’ve set up, every permission level that has been shared, and each functionality we’ve built.

Secure calls and infrastructure

100ms’ production infrastructure is hosted on multiple secure cloud services platforms, including Google Cloud Platform (GCP), Amazon Web Services (AWS).


All audio, video, and screen sharing media are transmitted encrypted using the Secure Real-time Transport Protocol (SRTP) which are encrypted over Datagram Transport Layer Security (DTLS) with AES 256-bit encryption. All of 100ms’ video and audio calls are encrypted to and from 100ms’ SFU servers.

Data Storage and Protection

100ms never stores, or records audio-video or data streams unless the client explicitly asks 100ms to store recordings. In the most common configuration, recordings are uploaded directly to the customer’s storage bucket. Any data stored with 100ms is encrypted in transit and at rest.

JWT Tokens and Room Permissions

Connections to 100ms rooms are secured with JWT tokens and room permissions. Customers can create roles and tokens with access controls to ensure only authorized people can join a call, and support TTLs.

Data Residency

Our customers have the option to choose where their data is stored. We have core databases setup in United States of America, Europe and India.

Above and beyond

We go an extra mile (or maybe a couple) in making sure what we’ve built is secure, compliant and bullet proof.

Regular Automated and Manual Vulnerability and Penetration Testing (VAPT)

We have implemented an exhaustive list of security controls including technical safeguards like penetration testing by multiple independent security firms, vulnerability scans and encryption.

Private Bug Bounty Program

We have a private bug bounty program hosted on Hackerone where we invite security researchers to test and penetrate assets across our platform infrastructure, SDKs, APIs and website.

Strict Security Policies and Protocols

All 100ms staff are rigorously screened with background checks, granted only essential system access for the purpose of their duties, and receive annual training in security protocols, incident response, and disaster recovery planning.

Active Compliance

Our compliance policies and security protocols go an extra mile
  • SHA-256 Hashed PHI / PII
  • Masking of IP addresses
  • Forced Signed Webhooks

Regular Vendor Security Assessments

We do regular security assessments of our vendors and have signed agreements for the same. We provide the same service to our customers on request.

Help us stay secure

Explore our Repos

Explore our Repos

100ms platform SDK and Prebuilt repositories are open source.

Go to GitHub

Responsible Security Disclosure

Responsible Security Disclosure

Learn how to report platform vulnerabilities, bugs, data breaches and leaks, and other security issues responsibly.

Read the policy

Frequently asked questions

All of 100ms’ video and audio calls are encrypted over DTLS to and from 100ms’ SFU servers.

Security Center

Learn more about different security and compliance practices within 100ms and the industry.

A Primer on HIPAA Compliance

Understand what HIPAA compliance is, who it applies to and its key guiding principles.

Read the blog

HIPAA Workspace

Learn how we’ve implemented HIPAA compliance in 100ms.

Read the blog

Privacy Policy

Read the policy