Security

At Duckly we take security and privacy very seriously. We are the first users of the service and we put all our effort in creating a service we would love to use and trust.

Secure calls and encryption

Calls are established using 256-bit TLS encryption and call video, audio, and media are protected by AES-128 encryption.

All the files shared from your IDE are always shared via peer-to-peer and are end-to-end encrypted. The files can only be accessed by the call participants you joined. No data touches our servers.

We collect data about how our features are used and any errors users encounter for the sole purpose of making the services better.

We use Daily.co for our calls which is hosted on AWS infrastructure located around the world. Data centers are SOC 1, SOC 2, and ISO 27001 certified with 24/7 operations and enterprise-grade security. You can learn more about its security at https://www.daily.co/security.

Calls and chat messages with 4 or fewer participants are peer-to-peer and end-to-end encrypted. We don't record nor have access to the meetings.

When a fifth participant joins, the call seamlessly switches to the cloud infrastructure. Cloud-connected calls are encrypted to and from Daily.co cloud servers. Media that is decrypted and re-encrypted in the cloud always happens in memory and at the application layer, so we never have access to your calls.

Our servers and services are hosted on Google Cloud Platform which provides a secure network and computing environment. Including but not limited to firewalls at network or application level, data encryption, DDoS mitigation, etc.

External access

Any access to our servers, source code and third-party tools is secured with 2-factor authentication.

Even though we are a small team, we all have the lowest level of access that allows us to get the work done. This never includes access to production besides rare exceptions when it might be required.