How VOS handles your data

Every connection to VOS — the app itself, live video and audio sessions, and screen-share traffic — runs over TLS (HTTPS) and encrypted WebRTC/WSS. There is no unencrypted path between a technician, a client, and our servers.

Every user belongs to exactly one organization with one of three roles — owner, admin, or technician. Only owners and admins can invite or remove teammates, change billing, or update organization branding. Technicians can run sessions but cannot touch account-level settings.

Sign-in uses passwordless magic links sent to a verified email address — there's no shared password to leak, phish, or reuse from another breach.

Administrative actions — team invitations and removals, role changes, billing and plan changes, branding updates, and session deletions — are recorded with who did it and when. Account owners and admins can review this activity log at any time from Settings → Activity log.

Saved sessions, recordings, and screenshots are kept for 30 days on the Standard plan and 90 days on the Team plan, then pruned automatically. Retention isn't a manual chore someone forgets to do — it runs on a schedule, tied to your plan, with no configuration required.

Every session, recording, screenshot, and team record is scoped to a single organization ID at the database layer. One company's data is never queryable from another company's session — there is no shared tenant view.

Video sessions are powered by LiveKit's WebRTC infrastructure. Recordings and screenshots are stored in access-controlled storage; when configured to use S3-compatible object storage (e.g. Cloudflare R2), files are encrypted at rest by the storage provider. Application data lives in a managed MySQL database that is not exposed to the public internet.

You can export session and billing data on request, and you can delete a session — along with its recording, screenshots, and notes — permanently, at any time, from the dashboard.