feature and security updates (#2400)
* feature and security updates

1. Updated data and privacy and talked about summary and transcription data not being stored or used to train models
2. Updated HIPAA document with latest feature updates
3. Updated title for post call transcription
4. SIP DTMF Error code updates

* Update webhook.md

Add fields associated with SIP in peer events

* Update SIP-DTMF-transmission.mdx

* Update SIP-DTMF-transmission.mdx
mntrspace authored Sep 23, 2024
1 parent 3d57fd6 commit f300533
Showing 5 changed files with 119 additions and 61 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@ nav: 9.1
- 100ms minimizes collection of Personally Identifiable Information (PII) and has controls in place to prevent PII breaches and unauthorized access.
- In addition to access-controls, monitoring, data security controls, 100ms also has third-party disclosure policies in place.
- 100ms can provide COPPA (Children's Online Privacy Protection Act) compliant recordings even in multi-student classrooms by implementing custom recording workflows.
- 100ms does not use customer data to train its transcription models. However, it relies on an external service for its summarization feature. No data (customer's or 100ms') is stored, retained, or used for model training by this external service.

## Special Requests - IP whitelists, Data Residency
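
Review bot: The added bullet names an external service only for summarization, but the HIPAA page changed in this same commit also states that closed captions use an external service. Mention both features here, or link to the sub-processor details, so the two pages do not give different pictures of which data leaves 100ms. The parenthetical "(customer's or 100ms')" can also go; "No customer data is stored, retained, or used for model training" reads more plainly.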

Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ This section outlines 100ms' security framework and technical implementation, co

- 100ms does not store your video, audio or screensharing data.
- All of 100ms’ video and audio calls are encrypted to and from 100ms’ SFU servers. Encrypted media in transit is decrypted only in the server memory, ensuring that the exposure of the decrypted stream is as minimal as possible. At the application layer, we never have access to unencrypted media.
- All audio, video, and screen sharing media are transmitted encrypted using the Secure Real-time Transport Protocol (SRTP) which are encrypted over Datagram Transport Layer Security (DTLS) with AES 256-bit encryption.
- All audio, video, and screen sharing media are transmitted and encrypted using the Secure Real-time Transport Protocol (SRTP) which is encrypted over Datagram Transport Layer Security (DTLS) with AES 256-bit encryption.
- TURN servers are media relay servers only so there is no processing or storage of media. TURN servers do not and cannot decrypt the media that they relay.
- Disk encryption is enabled on the servers.
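
Review bot: The reworded SRTP bullet still says SRTP "is encrypted over" DTLS, which misdescribes the layering: in DTLS-SRTP the DTLS handshake establishes the keys and the media packets are then protected by SRTP itself. Suggest wording along the lines of "encrypted with SRTP, with keys negotiated over DTLS". The "AES 256-bit" claim also needs scoping, because the SIP section added in this commit lists AES_CM_128_HMAC_SHA1_80, a 128-bit AES suite, while this bullet covers "All audio, video, and screen sharing media".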

Expand All @@ -41,6 +41,40 @@ This section outlines 100ms' security framework and technical implementation, co
- Recordings, when stored with 100ms, are stored on encrypted disk servers and deleted after 15 days.
- **Only for HIPAA Workspaces** - Recording with the customer’s cloud storage bucket configured on 100ms is the only method allowed by 100ms. As soon as the recording for a particular session is complete, it is uploaded to the customers’ storage and immediately deleted from ours.
- **Only for HIPAA Workspaces** - Access to customers’ buckets cannot be obtained by 100ms because write-only access is enforced when configuring the customer’s storage bucket.
- In case of a failure of processing or upload of recordings, the failed recordings are stored with 100ms' secure file storage for up to 7 days and reupload is attempted during this period. After 7 days, these files are automatically deleted.

#### Post call transcription

- Post call transcription is an opt-in feature, which requires call recording to be enabled by the customer.
- A speaker-labeled transcript is generated upon completion of the call recording.
- Transcripts are generated and processed on 100ms’ servers. No data from the transcription process is used for training any AI models.
- Transcripts are not stored by 100ms once generated.
- The audio file of the recording is securely stored within 100ms’ temporary file storage for up to 14 days in the same region as the customer’s workspace if post call transcription is enabled. This is to ensure that in case of a failure of processing or upload of the recording, transcript or summary, the data is not lost for the customer. After 14 days, the files are automatically deleted.
- The transcript itself is not stored by 100ms. In case of a failure of processing or upload, the transcript is regenerated, and a reupload is attempted. If the reupload is successful, all stored files are promptly deleted.

#### AI-generated summary

- AI-generated summary is an opt-in feature, which requires call recording as well as post call transcription to be enabled.
- 100ms uses an external service for generating summaries. A HIPAA Business Associate Agreement (BAA) has been signed between 100ms and the service provider.
- No data is stored by 100ms or the sub-processor providing the service.
- The data is not used for training any AI models.
- Summaries are not stored by 100ms once generated.
- The audio file of the recording is securely stored within 100ms’ temporary file storage for up to 14 days in the same region as the customer’s workspace if post call transcription is enabled. This is to ensure that in case of a failure of processing or upload of the recording, transcript or summary, the data is not lost for the customer. After 14 days, the files are automatically deleted.
- The summary itself is not stored by 100ms. In case of a failure, the transcript and the summary are regenerated, and a reupload is attempted. If the reupload is successful, all stored files are promptly deleted.

#### Closed captions

- 100ms uses an external service for speaker-labeled closed captions.
- A HIPAA Business Associate Agreement (BAA) has been signed between 100ms and the service provider.
- No data is stored by 100ms or the sub-processor providing the service.
- The data is not used for training any AI models.

#### Session Initiation Protocol (SIP) - Audio and Video

- Media encryption is performed using the **AES_CM_128_HMAC_SHA1_80** cryptographic suite.
- Media is not stored at any point; all transmissions are transient.
- Phone numbers, when used, are masked and securely stored in call logs only.


#### Secure webhooks
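
Review bot: In the AI-generated summary list, "No data is stored by 100ms or the sub-processor providing the service" contradicts a later bullet in the same list, which says the recording audio is kept in 100ms' temporary file storage for up to 14 days. Scope the first statement to the summary and the sub-processor, or drop it in favour of the more specific bullets. The retention figures in this block also need reconciling: 15 days for recordings stored with 100ms, 7 days for failed uploads, 14 days for audio when post call transcription is enabled, and "immediately deleted from ours" for HIPAA workspaces, so a reader cannot tell which applies when transcription is enabled in a HIPAA workspace. The 14-day bullet is repeated verbatim under both headings and could be stated once.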

Expand Down Expand Up @@ -129,9 +163,13 @@ Following services and features can be **enabled** and used:
2. Composite Recording with user’s cloud storage bucket configured
1. Recording with the [customer’s cloud storage bucket configured](/get-started/v2/get-started/features/recordings/recording-assets/storage-configuration) on 100ms is the only method allowed by 100ms. As soon as the recording for a particular session is complete, it is uploaded to the customers’ storage and immediately deleted from ours.
2. Access to customers’ buckets cannot be obtained by 100ms because write-only access is enforced when configuring the customer’s storage bucket.
3. Whiteboard
4. Session Initiation Protocol (SIP) (Limited Preview Access)
5. Chat
3. Closed Captions
4. Post Call Transcription
5. AI-Generated Summaries
6. Noise Cancellation
7. Whiteboard
8. Session Initiation Protocol (SIP) - Audio and Video
9. Chat

Following services within the template have been **disabled** and locked for the HIPAA Workspace:
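
Review bot: Noise Cancellation is added to the enabled list, but none of the sections visible in this commit say how it handles data, unlike Closed Captions, Post Call Transcription and AI-Generated Summaries, which each get a section stating where processing happens and whether a BAA covers it. Add the equivalent statement for Noise Cancellation or link to where it is documented. The SIP entry also drops "(Limited Preview Access)"; confirm that this is intended for HIPAA workspaces.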

Expand All @@ -140,16 +178,12 @@ Following services within the template have been **disabled** and locked for the
3. Track Recording
4. Stream Recording
5. Live Transcription for HLS
6. Post Call Transcription
7. AI-Generated Summaries

Following services are in the process of being HIPAA compliant:

1. Live Transcription (Video Conferencing and HLS) - Diarized and Non-diarized
2. Post Call Transcription - Speaker Labelled (Diarized)
3. AI-Generated Summaries
4. Track Recording
5. Stream Recording
1. Track Recording
2. Stream Recording
3. Custom Composite Recording

#### Server Side
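
Review bot: "Live Transcription for HLS" stays in the disabled list while "Live Transcription (Video Conferencing and HLS)" is removed from the in-progress list, so the page no longer says whether it is planned. If live transcription for video conferencing is what the enabled list now calls "Closed Captions", use one name throughout; otherwise state its status. "Custom Composite Recording" is new in the in-progress list; check that it also appears in the disabled list so the two lists agree.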

Expand Down Expand Up @@ -291,6 +325,10 @@ Creating and using a HIPAA workspace doesn’t guarantee HIPAA compliance until

We have signed BAAs with critical services and features which will have temporary access to the customers’ ePHI.

5. Is there any data stored and retained by 100ms or its sub-professors for the purpose of training any AI models?

Recordings can be stored with 100ms for upto 7 days, in case of a failure of processing or upload to the customer's configured storage bucket. Transcripts or summaries aren't stored with 100ms and aren't used for training any AI models.

Check failure on line 330 in docs/get-started/v2/get-started/security-and-privacy/HIPAA compliance/HIPAA-workspace.mdx

GitHub Actions / vale

[vale] docs/get-started/v2/get-started/security-and-privacy/HIPAA compliance/HIPAA-workspace.mdx#L330

[Vale.Spelling] Did you really mean 'upto'?

5. **Can a workspace be deleted?**

A workspace cannot be deleted at this point of time. If you do require this, please reach out to us through the support widget on 100ms dashboard.
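
Review bot: The new FAQ entry is numbered 5, the same as the existing "Can a workspace be deleted?" entry that follows it, and its question is not bold like that one; renumber and format it to match. "sub-professors" should be "sub-processors", and "upto" is the spelling the Vale check fails on. The answer gives 7 days for failed recordings but omits the 14-day audio retention stated in the post call transcription section, and it does not say whether retained recordings are used for training; open with a direct answer on training use, then list what is retained and for how long.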
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ The DTMF API provided by 100ms enables the transmission of DTMF tones directly t

| Parameter | Type | Description |
|-----------|-------|-----------------------------------------------------------------------------------------------------------------------------|
| digits | array | An array of strings, where each string is a character representing a DTMF tone. Valid characters are 0-9, *, #, a, b, c, d. |
| digits | array | An array of strings, where each string is a character representing a DTMF tone. Valid characters are 0-9, *, #, a, b, c, d |

- **Target Recipients:** The DTMF tones will only be sent to all SIP participants present in the call. WebRTC participants will not receive these tones.
- **Transmission Order:** Requests are queued and processed sequentially; subsequent requests will not be processed until all previous tones have been sent.
Expand All @@ -54,16 +54,23 @@ The DTMF API provided by 100ms enables the transmission of DTMF tones directly t

```

**400 Bad Request** - When the request is invalid.
**400 Bad Request** - When the request is invalid due to non-acceptable digit.

```json
{
"code": 400,
"message": "no sip participants in the call",
"details": [""]
"code": 400,
"message": "invalid digit"
}

```

**400 Bad Request** - When the request is invalid due to missing digits

```json
{
"code": 400,
"message": "digits are mandatory"
}
```

This documentation provides a clear pathway for integrating DTMF transmission capabilities within your applications, ensuring effective interaction with systems requiring numerical input during SIP calls.
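
Review bot: The "no sip participants in the call" 400 example is removed without a replacement, yet the section still says tones go only to SIP participants, so the response for a call with no SIP participants is now undocumented. Keep that case if the API still returns it. The new examples also drop the "details" field; if the response shape changed, say so, since clients may parse it. Smaller points: the parameter table lists "a, b, c, d" without saying whether uppercase is rejected as an "invalid digit", the JSON bodies are not indented, and the two 400 headings differ in their trailing full stop.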