Security and Compliance

Effective May 9, 2024

This document outlines our commitment to safeguarding the security and privacy of the data you entrust to us. Here, you will find detailed information about how we host and manage our services, our compliance with international security standards, our data protection practices, and the measures we take to ensure the integrity and availability of our systems.


Our application components are hosted across multiple services:


Users can access our Services using either Email/Password authentication or Google OAuth 2.0. Currently, we do not support Two-Factor Authentication.

Session Management

Session tokens are automatically renewed unless explicitly revoked by the user. We implement an invalid password lockout policy to enhance security.

Compliance Certifications

Our servers and infrastructure providers are compliant with major security standards:

Data Storage

Data related to rooms (titles, customization, timers, messages, logs) is stored on MongoDB Atlas clusters located in South Carolina (us-east1), with backups retained for three months. Images (custom logos, backgrounds, etc.) are stored in a Google Cloud Platform storage bucket under an “EU (multiple regions in European Union)” policy.

Security Practices

Backup and Recovery

Our data recovery strategy includes:

System Integrity and Redundancy

Security Measures

For more details on which third-party services we use that may receive personal information, please refer to our Privacy Policy.