Data security
You may be presenting sensitive information during your show, so we take data security very seriously.
GENERAL INFORMATION
Our systems run on Microsoft’s Azure cloud-computing infrastructure. Servers are based in the UK and we adhere to the UK GDPR rules. For general information about how we manage your data, please see our privacy policy.
All information passing through our servers is encrypted, both in transit and at rest. We exclusively use secure (https:// and wss://) connections with TLS version 1.2, meeting the latest PCI compliance standards.
META DATA RELATED TO YOUR SHOW
Meta data includes information about the show itself: it’s name, when it occurred, it’s duration and the number of presenters/listeners.
The only show meta data we store is the show name – this is so it can be setup in advance and recalled as necessary. As soon as a show name is changed, we keep no record of the previous details.
PRESENTER NAMES
Presenter names are stored on our servers for the duration of the presenter’s session. If the presenter leaves a show (or drops offline), we keep this data for c. 30 minutes in case they come back.
After this timeout, presenter information is deleted completely. No backups of this information are kept.
LIVE POWERPOINT SHOW DATA
Note: PowerPoint show data is only processed if you're running the PowerPoint add-in.
OctoCue processes the following the following live PowerPoint show data:
- Slideshow notes (text only)
- Slideshow file name (e.g. mypresentation.pptx)
- Total slide count & current slide number
- The state of the PowerPoint presentation (either in edit mode or slideshow mode)
Live show data is stored in server memory only, and never written to disk. As soon as notes change (or a show ends), we have no record of the previous information.
Show notes are only visible to the currently active clicker. If you are a presenter with a muted clicker, you will not see any notes.
Live show data is not logged to any of our system logs and not available in our backups.
At no point to we collect, process or store any other slide content - we cannot see the slides themselves.
CLICK DATA
Occasionally we may track individual show clicks – this information is used to keep our systems running smoothly. Individual click information is anonymous and not associated with a particular show name or presenter name.
Click data does not include any live show data.
ORGANISATION CONTROL
While we reduce our transit, storage and processing of information to the mimimum possible to provide our service, sensitive data does still pass through our servers. Hence strong organisational measures are in place to ensure suitable security:
- All servers are protected by 2-factor authentication access control
- Only company directors have global access to servers
- All directors undergo cyber security training
- Any staff access to live servers has to be approved at director level and will be time-limited
- On joining OctoCue Ltd. all staff have to read and understand both our privacy policy, and our obligations under UK GDPR regulations