Data security

You may be presenting sensitive information during your show, so we take data security very seriously.

GENERAL INFORMATION

Our systems run on Microsoft’s Azure cloud-computing infrastructure. Servers are based in the UK and we adhere to the UK GDPR rules. For general information about how we manage your data, please see our privacy policy.

All information passing through our servers is encrypted, both in transit and at rest. We exclusively use secure (https:// and wss://) connections with TLS version 1.2, meeting the latest PCI compliance standards.

META DATA RELATED TO YOUR SHOW

Meta data includes information about the show itself: it’s name, when it occurred, it’s duration and the number of presenters/listeners.

The only show meta data we store is the show name – this is so it can be setup in advance and recalled as necessary. As soon as a show name is changed, we keep no record of the previous details.

CLIENT DATA

For any client (presenter, receiver or admin), we collect and log the following:

• Client device details (OS & browser version)
• Connection and disconnection events

PRESENTER SPECIFIC DATA

In addition to generic client data, we collect and log the following details about presenters:

• Presenter names*
• Any presenter clicks

* Presenters are not required to enter a name to use OctoCue - we will assign a name 'Presenter-xxx' by default.

RECEIVER SPECIFIC DATA

In addition to generic client data, we collect and log the following details about receivers:

• Computer host name (About your PC - Device name)
• Receiver version number

POWERPOINT SHOW DATA

Note: PowerPoint show data is only processed if you're running the PowerPoint add-in.

OctoCue processes the following the following live PowerPoint show data:

• Slideshow notes (text only)
• Slideshow file name (e.g. mypresentation.pptx)
• Total slide count & current slide number
• The state of the PowerPoint presentation (edit mode/slideshow mode)

Live show data is stored in server memory only, and never written to disk. As soon as notes change (or a show ends), we have no record of the previous information.

Show notes are only visible to the currently active clicker(s). If you are a presenter with a muted clicker, you will not see any notes.

Live show data is not logged to any of our system logs and not available in our backups.

At no point to we collect, process or store any other slide content - we cannot see the slides themselves.

ORGANISATION CONTROL

While we reduce our transit, storage and processing of information to the minimum possible to provide our service, sensitive data does still pass through our servers. Hence strong organisational measures are in place to ensure suitable security:

• All servers are protected by 2-factor authentication access control
• Only company directors have global access to servers
• All directors undergo cyber security training
• Any staff access to live servers has to be approved at director level and will be time-limited
• On joining OctoCue Ltd. all staff have to read and understand both our privacy policy, and our obligations under UK GDPR regulations