oorja is built with your privacy in mind, ensuring that content and communications stay confidential among collaborating users.
- All content-data is encrypted in transit and at rest. By content-data we mean terminal-stream-text, chat-messages, diagrams, code or any data created among room-participants using the collaborative apps.
- Content-data is synced among participants using secure transports (TLS) when they are online in the room. Content-data is also end-to-end encrypted using 128-bit AES-GCM: oorja servers, and even trusted certificate authorities, cannot read it without the secret key (kept in the fragment of the room's secret link; the application does not send the secret key to any server or third party).
It is the responsibility of the room-participants to share room-links with trusted peers over trusted channels.
- Collaborative apps store content-data on users' personal devices (browser storage), encrypted with the room key.
To facilitate collaboration in scenarios where participants are online at different times, content-data is also uploaded to the server as an encrypted snapshot and synced to the participants when they come back online.
- Media comms (camera, mic, screen) are encrypted. However, they are not end-to-end encrypted by default. This feature is currently under gradual rollout. It will be made the default when it's stable.
- We provide a secure vault for users to store private information like room keys. This vault is protected using strong 256-bit AES-GCM encryption, with a key created from the user's password. The password never leaves your device, and all vault changes are made on-device. If you lose or forget your password, you won't be able to access your vault. The encrypted version of the vault syncs to our server, enabling access from multiple devices while maintaining security.
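The room-link scheme described above (key in the URL fragment, content sealed with 128-bit AES-GCM), as an added example that is not oorja's own code. It assumes the fragment is the raw 16-byte key in base64url; the link, the key value and all function names are constructed for illustration.

```javascript
// Added illustration, not oorja's code. Assumed: the fragment is the raw
// 16-byte room key in base64url. The link below is constructed sample data.
const ROOM_LINK = 'https://rooms.example/r/demo#AAECAwQFBgcICQoLDA0ODw';

// Use the browser's WebCrypto, or Node's equivalent when run outside a browser.
async function webCrypto() {
  return globalThis.crypto?.subtle ? globalThis.crypto
                                   : (await import('node:crypto')).webcrypto;
}

// Split a room link into the part a browser puts in the HTTP request and the
// key bytes from the fragment, which the browser never transmits.
function splitRoomLink(link) {
  const url = new URL(link);
  const b64 = url.hash.slice(1).replace(/-/g, '+').replace(/_/g, '/');
  const keyBytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  if (keyBytes.length !== 16) throw new Error('expected a 128-bit room key');
  return { sentToServer: url.origin + url.pathname + url.search, keyBytes };
}

async function importKey(keyBytes) {
  const wc = await webCrypto();
  return wc.subtle.importKey('raw', keyBytes, 'AES-GCM', false, ['encrypt', 'decrypt']);
}

// Encrypt with a fresh 96-bit nonce per message; output is nonce || ciphertext+tag.
async function seal(keyBytes, text) {
  const wc = await webCrypto();
  const iv = wc.getRandomValues(new Uint8Array(12));
  const ct = await wc.subtle.encrypt({ name: 'AES-GCM', iv },
    await importKey(keyBytes), new TextEncoder().encode(text));
  const out = new Uint8Array(12 + ct.byteLength);
  out.set(iv);
  out.set(new Uint8Array(ct), 12);
  return out;
}

// Decrypt; rejects if the key is wrong or any byte of the blob was modified.
async function unseal(keyBytes, sealed) {
  const wc = await webCrypto();
  const pt = await wc.subtle.decrypt({ name: 'AES-GCM', iv: sealed.slice(0, 12) },
    await importKey(keyBytes), sealed.slice(12));
  return new TextDecoder().decode(pt);
}
```

A relay or snapshot store only ever handles the output of `seal`; without the fragment it can neither read nor undetectably alter it.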
- How do you collect, store and secure user data?
We collect the user's email and profile from the identity provider they choose during sign-in (Google or GitHub). There can be other identity providers in the future. The sign-in process is used as an authentication challenge (to prove you're not a robot), to ensure fair use, and for payment accounting, if any. Your email is not visible to the room participants you collaborate with.
Data is stored within the US, and not shared with any third party. There are no ads or tracking on this website.
- How can users access, update or request the deletion of any personal data collected about them?
You can email firstname.lastname@example.org from the email you used to sign up.
- How are users notified of updates to your policy?
While we don't see policy values changing, we're working on notifications so that users are up to date on any minute changes.
- Contact details, so that users can make enquiries about their data, submit a privacy complaint, or submit a security vulnerability report.
You can email email@example.com