If you have specific questions/concerns about a particular risk, control, or aspect of the service, email contact@streamyard.com, and we can address it directly. StreamYard is an approved application for platforms like YouTube, LinkedIn, and Facebook. These companies reviewed StreamYard before approving it.
General Architecture
StreamYard is a distributed system with a micro-service architecture. Each service is given the minimum permissions required to operate. All services operate inside a Virtual Private Cloud with rules that prevent unauthorized requests from entering the StreamYard network. Most services are not accessible through the public internet; only services that must communicate with clients are accessible.
Data Transfer and Encryption
StreamYard forces HTTPS for all services using TLS (SSL). Inside the streaming studio, all incoming and outgoing video and audio streams are encrypted using DTLS v1.2. When a broadcast is live, video and audio data is decrypted on the StreamYard servers so that the various video sources can be mixed and transcoded into the final outgoing feed. The final feed is encrypted for all social platforms that support RTMPS.
All customer data is encrypted at rest using AES-256.
Payment / Credit Cards
StreamYard does not store any of your credit card information on its servers. All payment processing is handled by Stripe.
Operational Security
StreamYard utilizes an identity and access management system to give all users, services, and systems the minimum permissions necessary to operate
Attack mitigation
StreamYard
- Prevents CSRF, XSS, injections and other types of attacks;
- Rate limits login attempts and other types of requests; and
- Does not store passwords. Users log in using One Time Codes sent to their email address.
We respect your privacy and work very hard to protect your data.