Security & Data Privacy
Iristick.Assist is built on a privacy-first architecture. All audio and video flow directly between devices — nothing passes through Iristick servers, nothing gets stored. This page explains how that works.
Architecture: Peer-to-Peer by Default
Iristick.Assist uses WebRTC, an open standard for real-time communication. Once a session is established, media streams flow directly between the field worker's device and the remote expert's device.
Iristick's role is limited to session setup only:
- Signaling — Clients exchange session metadata (SDP) through the Iristick signaling server to find each other.
- ICE candidate exchange — The clients determine the best route for a direct connection. If firewalls block direct access, STUN/TURN servers help establish the path.
- Peer-to-peer media — Once connected, encrypted audio and video flow directly between devices. Iristick is no longer involved.
flowchart LR
A[Field worker] -->|Signaling only| B[Iristick Server]
C[Remote expert] -->|Signaling only| B
A <-->|Encrypted P2P media| CSTUN/TURN servers
When direct connections are blocked by network firewalls, STUN/TURN servers relay the traffic. Even in this case, all media remains end-to-end encrypted — the relay server cannot access the content.
Room Access Control
When a remote expert joins a room, the session is locked automatically. No additional participants can join unless explicitly invited by someone already in the call. This prevents unauthorized access to active sessions.
Encryption
Media (audio, video, photos)
All media is encrypted using DTLS-SRTP with ephemeral keys:
- A unique encryption key pair is generated for each session
- Keys exist only on the two connected devices
- Keys are destroyed immediately when the session ends
No one — including Iristick — can decrypt the media stream.
Signaling
All signaling data exchanged during session setup is protected with HTTPS / TLS 1.2+.
Zero Storage
Iristick.Assist stores no media. Ever.
| What | Stored on Iristick servers? | Stored on devices? |
|---|---|---|
| Audio | No | No |
| Video | No | No |
| Photos taken during a call | No | Only during the active session |
| Signaling metadata | No (transient only) | No |
Download photos before ending the call
Photos captured through the smart glasses during a session are transmitted directly to the expert via WebRTC. Once the call ends, all photos are immediately and permanently deleted from both devices. Download any photos you need before disconnecting.
Data Collected by Iristick
Iristick collects anonymous usage data only for abuse prevention and service improvement:
- No personally identifiable information
- No location data
- No device IDs
- No profiling, advertising, or resale of data
All usage data is stored and processed within Europe.
Infrastructure
| Component | Managed by | Protected with |
|---|---|---|
| Signaling server | Iristick | TLS 1.2+ |
| STUN/TURN servers | Iristick | End-to-end encryption (DTLS-SRTP) |
| Media routing | None — direct P2P | DTLS-SRTP with ephemeral keys |
Development, staging, and production systems are strictly separated to prevent unauthorized access or data leakage.
Comparison with Iristick.Teams
Looking for the Teams security model? Iristick.Teams uses a different architecture based on Microsoft Azure Communication Services. See Iristick.Teams Security & Data Privacy.
| Iristick.Assist | Iristick.Teams | |
|---|---|---|
| Connection model | Peer-to-peer (WebRTC) | Azure Communication Services |
| Media through Iristick servers | Never | Never (OOTB: through Microsoft; Self-hosted: through your Azure) |
| Data stored by Iristick | Anonymous usage data only | User info + call summaries |
| Encryption | DTLS-SRTP (end-to-end) | TLS 1.2+ (in transit), AES-256 (at rest) |
| Authentication | Room-based, no account required | Microsoft Entra ID via MSAL |