meetbot.dev

security

We're infrastructure. Recordings flow through us; they're never our property.

meetbot is the bot that joins your meetings, not the warehouse that owns the tape. Customer recordings transit our containers and land in your bucket. Below: how it actually works.

Architecture

End-to-end data flow. Customer initiates the dispatch from their backend; the bot in our container joins the meeting; per-speaker audio streams to your S3 bucket as it's captured; a signed webhook reaches your endpoint when the call finalizes.

data flow

  ┌──────────────┐         POST /api/v1/bot          ┌─────────────────────┐
  │   your app   │ ────────────────────────────────▶  │  meetbot api edge   │
  │   backend    │ ◀──── 200 { bot_id, status } ─────│  (cloudflare → eu)  │
  └──────┬───────┘                                    └──────────┬──────────┘
         │                                                       │
         │ webhook (HMAC-SHA256)                                 │ enqueue
         │                                                       ▼
         │                                            ┌─────────────────────┐
         │                                            │  orchestrator (eu)  │
         │                                            │  picks platform pod │
         │                                            └──────────┬──────────┘
         │                                                       │ spawn
         │                                                       ▼
         │                                            ┌─────────────────────┐
         │                                            │  bot container      │
         │                                            │  meet · teams · zoom│
         │                                            └──────────┬──────────┘
         │                                                       │
         │                          per-speaker audio,           │
         │                          captions, chat, video        │
         │                                ▼                      │
         │                       ┌─────────────────┐             │
         │                       │  YOUR S3 bucket │  ◀──────────┘
         │                       │  (you own it)   │   multipart upload
         │                       └────────┬────────┘
         │ ◀──── webhook: meeting_ended, files_ready ────┘
         ▼
  ┌──────────────┐
  │ your handler │
  └──────────────┘

We are infrastructure; customer recordings flow through us in transit but are never our property. The S3 bucket is yours, on your AWS/R2/MinIO account, with credentials we hold scoped to PutObject + AbortMultipartUpload on a single prefix you specify.

Encryption

  • in transit

    TLS 1.3 in transit on every customer-facing endpoint and every bot↔platform connection.

  • at rest

    AES-256-GCM at rest for OAuth tokens and webhook secrets, keyed off a per-deployment master key in Hetzner's encrypted volume layer.

  • roadmap

    KMS-per-tenant for token storage on the M5 roadmap (Q4 2026). Until then, tenant tokens are isolated logically (row-level) but share the master key.

Retention

Per-bot retention is configurable: 0 days (default — emit to your bucket and delete from our temp volume), N days, or forever. Most production users pick 0; 'forever' is for compliance pipelines where the audit trail matters more than disk.

Audit logs of bot dispatches are retained for 90 days by default and are exportable from the dashboard at any time.

Audit + compliance

Honest table. Some rows say 'in progress' or 'planned'. We will not claim certifications we don't hold.

control        status                 target                 note
-------        ------                 ------                 ----
SOC 2 Type 1   in progress            2026 H2                Engagement signed; gap assessment in progress with our auditor.
SOC 2 Type 2   planned                2027 H1                12-month observation window starts the day Type 1 is issued.
ISO 27001      planned                2027 H1
HIPAA BAA      enterprise tier        available on request   BAA signable on enterprise contracts. Formal HIPAA certification: 2027.
GDPR           in scope               EU-hosted by default   DPA available on request. No DPO appointed yet — pavel@meetbot.dev acts as privacy contact.
PCI DSS        n/a — Stripe-handled                          We never see card numbers; Stripe Checkout + Stripe-hosted billing portal handle PCI scope.

Access controls

Better Auth's organization plugin powers the account model: every customer is an organization, with admin · member · billing roles. An audit log of admin actions surfaces in the dashboard.

Internal access to production: 2 people (Pavel + on-call). All SSH access is via short-lived certificates issued by Tailscale; no long-lived keys; full audit log.

Vulnerability disclosure

Email security@meetbot.dev — PGP key on request. We publish a /.well-known/security.txt per the security.txt spec (RFC 9116). A bug bounty program is on the M5 roadmap; until then, we acknowledge serious finds publicly with the reporter's permission.

Incident response

Public commitment: incidents disclosed within 24h via /blog and on the @meetbot social. Severity-1 incidents get a same-day post-mortem; lower severity within 7 days. Linked from /uptime.

Want a deeper dive? Email security@meetbot.dev — we'll send the (in-progress) trust portal.