meetbot.dev

security

We're infrastructure. Recordings flow through us; they're never our property.

meetbot is the bot that joins your meetings, not the warehouse that owns the tape. Customer recordings transit our containers and land in your bucket. Below: how it actually works.

Working draft pending counsel review. Compliance posture below is current as of 2026-05-10; certifications listed as "planned" or "in progress" are not yet issued. For a signed DPA or NDA-bound trust packet, email security@meetbot.dev.

Last updated 2026-05-10

Architecture

End-to-end data flow. Customer initiates the dispatch from their backend; the bot in our container joins the meeting; per-speaker audio streams to your S3 bucket as it's captured; a signed webhook reaches your endpoint when the call finalizes.

data flow

  ┌──────────────┐         POST /api/v1/bot          ┌─────────────────────┐
  │   your app   │ ────────────────────────────────▶  │  meetbot api edge   │
  │   backend    │ ◀──── 200 { bot_id, status } ─────│  (cloudflare → eu)  │
  └──────┬───────┘                                    └──────────┬──────────┘
         │                                                       │
         │ webhook (HMAC-SHA256)                                 │ enqueue
         │                                                       ▼
         │                                            ┌─────────────────────┐
         │                                            │  orchestrator (eu)  │
         │                                            │  picks platform pod │
         │                                            └──────────┬──────────┘
         │                                                       │ spawn
         │                                                       ▼
         │                                            ┌─────────────────────┐
         │                                            │  bot container      │
         │                                            │  meet · teams · zoom│
         │                                            └──────────┬──────────┘
         │                                                       │
         │                          per-speaker audio,           │
         │                          captions, chat, video        │
         │                                ▼                      │
         │                       ┌─────────────────┐             │
         │                       │  YOUR S3 bucket │  ◀──────────┘
         │                       │  (you own it)   │   multipart upload
         │                       └────────┬────────┘
         │ ◀──── webhook: meeting_ended, files_ready ────┘
         ▼
  ┌──────────────┐
  │ your handler │
  └──────────────┘
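
Receiver-side verification of the HMAC-SHA256 webhook shown in the diagram, as an added example (not meetbot's code). The page gives only the algorithm, the two event names and `bot_id`; the hex signature encoding, delivery of the signature as a header value, and the `event` payload field are assumptions.

```python
import hashlib
import hmac
import json
from typing import Optional

# Event names come from the data-flow diagram; the "event" field name is assumed.
KNOWN_EVENTS = {"meeting_ended", "files_ready"}


def sign(secret: bytes, raw_body: bytes) -> str:
    """Hex HMAC-SHA256 over the exact request bytes (assumed encoding)."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, raw_body: bytes,
                   signature: Optional[str]) -> Optional[dict]:
    """Return the parsed event if the signature is valid, otherwise None."""
    if not signature:
        return None
    expected = sign(secret, raw_body).encode()
    presented = signature.strip().lower().encode("utf-8")
    # compare_digest does not leak the first mismatching byte through timing.
    if not hmac.compare_digest(expected, presented):
        return None
    # Parse only after authentication, and only the bytes that were signed:
    # a re-serialized JSON body has different bytes and will not verify.
    try:
        event = json.loads(raw_body)
    except ValueError:
        return None
    if not isinstance(event, dict) or event.get("event") not in KNOWN_EVENTS:
        return None
    return event


# Constructed sample values for illustration.
SECRET = b"constructed-test-secret"
BODY = b'{"event": "files_ready", "bot_id": "bot_123"}'
GOOD_SIG = sign(SECRET, BODY)

if __name__ == "__main__":
    print(verify_webhook(SECRET, BODY, GOOD_SIG))
    print(verify_webhook(SECRET, BODY + b" ", GOOD_SIG))
```
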

We are infrastructure; customer recordings flow through us in transit but are never our property. The S3 bucket is yours, on your AWS/R2/MinIO account, with credentials we hold scoped to PutObject + AbortMultipartUpload on a single prefix you specify.
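
A check a customer could run before handing over credentials, as an added example (not meetbot's tooling): it audits an AWS-style IAM policy document against the scope stated above. The bucket name, prefix and both sample policies are constructed, and the AWS JSON policy format is an assumption for R2 or MinIO deployments.

```python
# The only two actions the page says the held credentials are scoped to.
ALLOWED_ACTIONS = {"s3:putobject", "s3:abortmultipartupload"}


def as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def audit_policy(policy, bucket, prefix):
    """Return findings; an empty list means the policy matches the scope."""
    findings = []
    wanted = f"arn:aws:s3:::{bucket}/{prefix.strip('/')}/*"
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements can only narrow access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: grants by exclusion")
            continue
        for action in as_list(stmt.get("Action", [])):
            # Action names are case-insensitive; wildcards never match the set.
            if action.lower() not in ALLOWED_ACTIONS:
                findings.append(f"statement {i}: extra action {action}")
        for resource in as_list(stmt.get("Resource", [])):
            # Resource ARNs are case-sensitive and must be the one prefix.
            if resource != wanted:
                findings.append(f"statement {i}: resource {resource} not {wanted}")
    return findings


# Constructed policies: one matching the stated scope, one over-broad.
SCOPED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:PutObject", "s3:AbortMultipartUpload"],
    "Resource": "arn:aws:s3:::acme-recordings/meetbot/*",
}]}
BROAD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": "s3:*",
    "Resource": ["arn:aws:s3:::acme-recordings", "arn:aws:s3:::acme-recordings/*"],
}]}

if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED), ("broad", BROAD)):
        print(name, audit_policy(doc, "acme-recordings", "meetbot") or "ok")
```
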

Encryption

  • in transit

    TLS 1.3 in transit on every customer-facing endpoint and every bot↔platform connection.

  • at rest

    AES-256-GCM at rest for OAuth tokens and webhook secrets, keyed off a per-deployment master key in Hetzner's encrypted volume layer.

  • roadmap

    KMS-per-tenant for token storage on the M5 roadmap (Q4 2026). Until then, tenant tokens are isolated logically (row-level) but share the master key.

Retention

Per-bot retention is configurable: 0 days (default — emit to your bucket and delete from our temp volume), N days, or forever. Most production users pick 0; 'forever' is for compliance pipelines where the audit trail matters more than disk.

Audit logs of bot dispatches are retained for 90 days by default and are exportable from the dashboard at any time.

Audit + compliance

Honest table. Some rows say 'in progress' or 'planned'. We will not claim certifications we don't hold.

| control | status | target | note |
|---|---|---|---|
| SOC 2 Type 1 | in progress | 2026 H2 | Engagement signed; gap assessment underway with our auditor. Vanta deployed; controls being instrumented. |
| SOC 2 Type 2 | planned | 2027 H2 | 12-month observation window opens once Type 1 is issued. No certification today. |
| ISO 27001 | planned | 2027 H2 | Sequenced after SOC 2 Type 2; same control overlap. No certification today. |
| HIPAA BAA | no formal cert today | enterprise contract on request | We can sign a BAA template on enterprise contracts as a contractual commitment — but we hold no formal HIPAA certification today and don't claim one. Don't deploy meetbot on a HIPAA-regulated workload that needs a third-party attestation now. |
| GDPR | in scope | EU-hosted by default | DPA template at /dpa-template.pdf (pending counsel finalisation). No statutory DPO appointed (not required at our scale per Art. 37); privacy@meetbot.dev acts in that capacity. EU establishment in Berlin (DE). |
| PCI DSS | n/a — Stripe-handled | | We never see card numbers; Stripe Checkout + Stripe-hosted billing portal handle PCI scope. |

Access controls

Better Auth's organization plugin powers the account model: every customer is an organization, with admin · member · billing roles. Audit log of admin actions surfaces in the dashboard.

Internal access to production: 2 people (Pavel + on-call). All SSH access is via short-lived certificates issued by Tailscale; no long-lived keys; full audit log.

Vulnerability disclosure

Email security@meetbot.dev — PGP key on request. We publish a /.well-known/security.txt per the well-known spec. Bug bounty program is on the M5 roadmap; until then, we acknowledge serious finds publicly with the reporter's permission.

Incident response

Public commitment: incidents disclosed within 24h via /blog and on the @meetbot social. Severity-1 incidents get a same-day post-mortem; lower severity within 7 days. Linked from /uptime.

Want a deeper dive? Email security@meetbot.dev — we'll send the (in-progress) trust portal.