
How callstats.io Monitors WebRTC Sessions Without Compromising Data Privacy

By callstats on July 19, 2019

Customers occasionally ask how callstats.io protects the privacy of the end-users monitored by our service. This is an obligation that callstats.io takes quite seriously. In this blog I’ll review some of the architectural components and data flows, describe the personally identifiable information we collect, and explain how we securely transport and store data throughout its lifecycle. Refer to our Privacy Policy for a complete description of personal information types and protections.

Updated on 7 August, 2019 for clarity.

Two Types of Personally Identifiable Information

First, we must distinguish between two types of personally identifiable information (PII) we collect:

  1. Customer/visitor PII is provided by the employees of organizations that use callstats.io to monitor their communications services, and by visitors to our website. Customer data is very familiar to anyone who uses software as a service. Examples include employee names and email addresses. In addition, we may collect billing data for the organization that pays for the service, such as credit card data.
  2. End-user PII is data about the end-users whose communications quality is monitored by callstats.io. As explained below, end-users load the customer’s communications application in their browser, which incorporates the callstats.io libraries and instructs the browser to report call quality data to callstats.io. End-user PII examples include IP addresses and other data that the customer’s application may choose to send to callstats.io.

This blog focuses on how we protect End-user PII. Before organizations decide to use callstats.io, they often want to know how we protect their end-users’ PII from disclosure outside their organization. This blog answers that important question. For information about Customer/visitor PII, cookie policies and other topics, please refer to our Privacy Policy.

Multiple Safeguards Protect Personally Identifiable Information

callstats.io does not share End-user PII with third parties under any circumstances. Access to End-user PII is strictly controlled and limited to the customer’s authorized users (internal access) and a limited number of callstats.io employees (external access) for support purposes. callstats.io is designed from the ground up to safeguard End-user PII and prevent disclosure to unauthorized entities. We logically partition and store data by customer organization using a multi-tenant architecture hosted in the AWS secure virtual private cloud infrastructure. The service is built and managed according to industry standards and AWS best practices. We replicate data across AWS availability zones for resiliency. We use advanced encryption mechanisms, authentication techniques and access control methods to safeguard data confidentiality and integrity while in transit and at rest.

The reference diagram below depicts, in purple, the various components used to capture, collect and analyze WebRTC service quality statistics.


Architecture diagram

Figure: callstats.io architecture

callstats.io clients gather WebRTC performance metrics from WebRTC endpoints and intermediary WebRTC elements (e.g. selective forwarding units, multipoint control units), and send them to callstats.io collectors for centralized storage and analysis. Examples of the metrics we collect include WebRTC packet latency, jitter and loss. We do not have access to media packets, nor can we forward them. Customer network administrators and operations personnel access the browser-based callstats.io dashboard to monitor service quality and troubleshoot problems.

The callstats.io service (collectors, dashboard and other core system components not shown in the diagram) is deployed in two distinct AWS Virtual Private Clouds (VPCs) in two distinct AWS regions: us-west-2 and eu-west-1. We replicate data across availability zones within each region for resiliency.

Personally Identifiable Information Received by callstats.io

The personally identifiable information (PII) received and stored by the callstats.io service is largely determined by the WebRTC application. Our client collects the IP address of the end-user’s device (caller, contact center agent, etc.). Application developers may configure their software to forward additional information, such as telephone numbers or user IDs processed by the WebRTC application.

In Amazon Connect contact centers, the callstats.io client can be configured to forward the customer phone number and the agent’s user name.

Multiple Security Mechanisms Prevent Unauthorized Access and Data Disclosure

The underlying physical and virtual infrastructure that powers the callstats.io service is secured by AWS, under its shared security responsibility model. We secure the applications and workloads that are deployed on the AWS infrastructure. To do this, we employ a comprehensive set of industry-standard security methods—protecting all data flows, storage repositories and system interfaces—to prevent unauthorized access to the service, and to ensure data privacy and integrity. We also adhere to a rigorous internal InfoSec policy; all employees are continuously trained on security threats, trends and best practices, ensuring a strong data security mindset across the entire company.

We employ a number of security mechanisms to safeguard End-user PII and enable compliance with data protection regulations, including GDPR. Specifically, we:

  • Authenticate clients using JSON Web Tokens (JWT) to prevent masquerading.
  • Encrypt data in transit using HTTPS to prevent eavesdropping and man-in-the-middle attacks.
  • Encrypt data at rest using 256-bit Synthetic Initialization Vector (SIV) Advanced Encryption Standard (AES) to protect data confidentiality.
  • Implement strong access control mechanisms to prevent unauthorized data disclosure.
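
The first item above, client authentication with a JWT, is illustrated by the following added example; it is not callstats.io code. It assumes an HMAC-SHA256 (HS256) token with constructed claim names (`appID`, `userID`) and a constructed shared secret, and shows the checks a collector must make before trusting a client’s identity: the algorithm is pinned rather than read from the token, the signature is compared in constant time, and expired or tampered tokens are rejected.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed sample secret for this example only; a real deployment would
# provision a per-application secret (or an asymmetric key pair) out of band.
SECRET = b"constructed-example-secret-not-a-real-key"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(app_id: str, user_id: str, secret: bytes, ttl: int = 300, now=None) -> str:
    """Mint a short-lived HS256 JWT that a client presents to the collector.
    Claim names are assumptions for this example."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"appID": app_id, "userID": user_id, "iat": now, "exp": now + ttl}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(token: str, secret: bytes, now=None) -> Optional[dict]:
    """Return the claims if the token is authentic and unexpired, else None."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(claims_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:  # malformed base64url or JSON (UnicodeDecodeError is a ValueError)
        return None
    # Pin the algorithm: never let the token's own "alg" field choose the verifier.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None
    return claims
```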

We encrypt data immediately as it enters the processing pipeline, and transmit it over a secure communication channel. Thus, the entire data processing and analytics pipeline operates on encrypted data. Data remains encrypted in storage and is decrypted only before it is sent to the dashboard (also over the secure communication channel). Once the data is decrypted, only authorized dashboard users can view it.

We store encryption keys and access credentials in a centralized, self-contained HashiCorp Vault for safekeeping. For support purposes, a small number of authorized employees can gain temporary read-only access to end-user PII, in encrypted form only.

The Best of Both Worlds: World-Class Monitoring and Strong Security

callstats.io understands the trust its customers place in us to protect their end-users’ privacy. We’ve engineered our service to protect end-user PII from unauthorized disclosure, and we never share end-user PII with third parties.

The callstats.io service is built and managed according to security best practices and standards, and leverages a wide range of security measures to protect against a wide array of threats. We implement strong authentication and access controls to safeguard services, and encrypt data at rest and in transit to protect privacy and prevent unauthorized disclosure.

To learn more about how callstats.io can help you monitor WebRTC service quality without compromising data privacy, contact sales today.