VideoSDK GDPR Compliance Overview

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive EU regulation that safeguards the privacy and personal data of individuals in the European Economic Area (EEA). It establishes strict requirements regarding transparency, security, data processing, user permissions, and the rights of individuals.

How VideoSDK Ensures GDPR Compliance

1. Data Minimization

We collect and process only the data necessary to deliver video, audio, and engagement services.

2. Encryption

All real-time media streams are encrypted in transit using secure industry-standard protocols (TLS/SRTP).

3. Data Residency Options

Customers can host workloads on EU-based infrastructure to ensure that all data remains within the region.

4. Consent-Based Recording

Recording is disabled by default. Any recording requires explicit user consent and can be controlled at the application level.

5. No Audio/Video Storage Without Consent

VideoSDK does not store live audio or video streams unless recording is explicitly enabled by the customer.

6. Right to Erasure & Access

We support user data access and deletion requests in accordance with GDPR requirements.

7. Data Processing Agreement (DPA)

A formal DPA is available for customers, outlining our responsibilities as a data processor.

8. Secure Authentication

We use JWT-based authentication and role-based permissions to ensure secure and controlled access to services.

Customer Responsibilities

While VideoSDK provides tools and infrastructure to support GDPR compliance, customers remain responsible for:

• Configuring platform settings appropriately
• Obtaining end-user permissions
• Managing personal data as the data controller

Contact & Documentation

For compliance questions, security documentation, or DPA requests, contact: security@videosdk.live