• Blog
  • Use Cases
  • Pricing
  • Request a Demo
Sign in
Get Started
© All rights reserved.
Weet Weet
  • Blog
  • Use Cases
  • Pricing
  • Request a Demo
Sign in
Get Started
Weet

Weet Security FAQ

Security is one of Weet’s top priorities. You trust us to deliver your messages, share personal or professional content, and we take this mission very seriously. We leverage the latest technology and security features to protect your data. As well as perform regular audits to continue improving our policies and procedures.

    Privacy Compliance

    Weet commits to protect your privacy. We are GDPR and CCPA compliant. Weet acts as the data controller for the data collected through its application and website. Our privacy notice describes the scope of data collected, the purpose for data collection, the data lifecycle and many relevant information for data subjects.

    Weet only requires basic information from its users: full name and an email address.

    Weet has appointed a Data Protection Officer reachable here.

    For further details please refer to Weet’s privacy notice.

    In addition to the above commitments, Weet gives its users direct access to delete their content and close their accounts.

    Where is my data stored?

    We store our users’ data in highly secured GCP data centers located in the USA.

    How to delete your Weet account

    To permanently delete your Weet account, go to:
    Accounts Settings > Delete your account

    Warning: This action cannot be reversed. Your account information and all of your Weets will be permanently deleted and won’t be recoverable.

    Weet Chrome extension

    The Weet extension needs minimal permissions! Our extension only requires access to the weet.co website, your webcam, microphone, and that’s it!

    Extensions often hide a lot of things… not ours. The Weet chrome extension only communicates with our website without any hidden API calls. Proof is, Weet can work without the extension… but let’s be honest, it will definitely help you get a better experience. 

    Install the extension now!

    How do we protect your data?

    Together we are stronger. This is why at Weet, protecting your data is a team effort! 

    Our staff is trained and aware of privacy and security related risks. Our set of policies gives us the framework to have an effective Information System Security management.

    Confidentiality and Access Control

    Only you or the persons you share your Weets with can access your content. Besides that, we implement security principles like need-to-know and least-privileges to prevent unauthorized access to your data. Only specific employees  can access user data. Access data is monitored and tracked. We store access logs for a year.

    Data Center Security and Compliance

    Weet hosts Service Data primarily in GCP data centers that have been certified as ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 2 compliant.

    Learn more about Compliance at GCP.

    GCP infrastructure services include backup power, HVAC systems, and fire suppression equipment to help protect servers and your data. GCP on-site security includes several features such as security guards, fencing, security feeds, intrusion detection technology, and other security measures. 

    Learn more about Data Center Controls at GCP.

    Network Management and Security

    Our hosting provider (GCP) maintains industry standard fully redundant and secure network architecture with reasonably sufficient bandwidth as well as redundant network infrastructure to mitigate the impact of individual component failure. Our security team utilizes industry standard utilities to provide defense against known common unauthorized network activity, monitors security advisory lists for vulnerabilities, and undertakes regular external vulnerability scans and audits.

    Our infrastructure is well-architected using cloud performance and security best practices.

    • Weet is highly available and scalable
    • Storage is redundant
    • We leverage a global CDN to provide fast access to your content
    • Firewall rules segregate our network components 
    • Traffic is monitored with IDS technology
    • The application is regularly tested against vulnerabilities during the SDLC (DAST/SAST)
    Audits

    Weet is developed and maintained by the Speach team, leveraging its business experience and infrastructure. Speach undergoes an annual SOC2 Type II audit. Our latest SOC2 report can be requested here.

    Third-Party Penetration Tests

    In addition to our extensive internal scanning and testing program, each year, Weet employs third-party security experts to perform a broad penetration test on its application and infrastructure.

    Data Encryption
    • Encryption in Transit

    All communications with Weet UI and APIs are encrypted via industry-standard HTTPS/TLS (TLS 1.2 or higher) over public networks. This ensures that all traffic between you and Weet is secure during transit. Additionally, for email, our product leverages opportunistic TLS by default. Transport Layer Security (TLS) encrypts and delivers email securely, mitigating eavesdropping between mail servers where peer services support this protocol. 

    • Encryption at Rest

    Service Data is encrypted at rest in GCP using AES-256 key encryption.

    Signed URLs

    Weet uses the AWS CDN network, known as Cloudfront, to deliver your videos and images contents more rapidly. Cloudfront offers a way to secure your content by using “Signed URLs.” A signed URL is a URL that provides limited permission and time to make a request. Once the signature appended to the URL has expired, the content cannot be requested anymore, mitigating potentially unauthorized leaks. For authenticated users accessing restricted content through Weet, the signed URL security mechanism will be fully transparent.

    Backups

    We leverage redundant storage technologies to store your data. Additionally, your data is backed up in an encrypted format and stored in a different data center to ease disaster recovery.

    Authentication and Credential Storage

    While you do not rely on Google or Microsoft for your authentication, Weet follows secure credential storage best practices by never storing passwords in human-readable format, and only as the result of a secure, salted, one-way hash.

    Weet’s third-party partners

    Weet relies on third-party partners for the following scope of activities. We may forward personal data to these third parties that act as data processors for Weet. Weet has written agreements in place to ensure the processing of your data abides by the privacy regulations in scope.

     

    Provider’s nameStorage locationScope
    GCPUSACloud hosting provider
    SentryUSAError logging service
    AmplitudeUSAUsers analytics
    IntercomUSACustomer service / support
    MailjetUSAEmail delivery
    TypeFormUSASurveys

    Company

    • Why Weet?
    • About Us
    • Pricing
    • Request a Demo

    Product

    • Product News
    • Screen Recorder
    • Workspaces and Channels
    • Weet Slack Integration
    • Weet for Microsoft Teams

    Resources

    • Customer Stories
    • Blog
    • Security

    Contact us

    contact@weet.co

    Share your product requests in our Facebook Group

    © Weet, 2020. All Rights Reserved. 2 Embarcadero Center, San Francisco, CA 94111. Privacy Policy – Terms of Service