Screendesk's security architecture represents a sophisticated multi-layered approach to securing communications, data handling, and access control. Our system seamlessly integrates customer-facing components with internal infrastructure while maintaining rigorous security protocols at every interaction point. This documentation outlines the comprehensive security measures that protect our platform, ensuring data integrity and user privacy at all times.
At the customer level, Screendesk implements a carefully structured access system designed to meet diverse user needs while maintaining strict security standards. Support Agents operate through our dedicated application, which is deeply integrated within their existing helpdesk system. This integration enables them to seamlessly initiate video calls, manage screen recordings, and request additional recordings from end customers when needed. The integration layer ensures all these interactions occur within a secure, controlled environment.
Workspace Administrators hold elevated privileges within the system, accessing it through our robust authentication framework that incorporates SAML 2.0 and SCIM protocols. These administrators maintain complete control over their organization's workspace, managing configurations and user access permissions while working within our security framework. Their role is crucial in maintaining organizational security policies while ensuring smooth operation for their teams.
End Customers interact with our system through a streamlined, security-focused interface. When joining video calls through our Whereby integration or providing screen recordings, these users benefit from our end-to-end encryption and secure communication channels. Every interaction is protected by HTTPS/TLS 1.2+ protocols, ensuring data privacy and security throughout the session.
Internal access to Screendesk's systems follows a hierarchical structure with carefully delineated permissions and multiple security layers. Support Administrators access the system through our admin dashboard, protected by strong multi-factor authentication. Their direct connection to the web tier enables effective monitoring and support activities while maintaining system security through strictly defined access parameters.
Engineering Administrators operate under an even more rigorous security framework. Their access requires successful navigation through three distinct security layers: IP whitelisting, Google Workspace SSO, and enhanced MFA protocols. This triple-layer protection ensures that cloud service access remains secure while preventing unauthorized infrastructure modifications.
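The three layers described above can be modelled as one fail-closed decision that reports which layer rejected a request. This is an added example, not Screendesk's code: the networks, issuer, domain and MFA freshness window are assumed values for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed values; the page does not publish its allowlist, SSO domain or MFA policy.
ALLOWED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24"),
                    ipaddress.ip_network("2001:db8:10::/48")]
SSO_ISSUER = "https://accounts.google.com"
WORKSPACE_DOMAIN = "example.com"
MFA_MAX_AGE_SECONDS = 8 * 3600

@dataclass
class AccessRequest:
    source_ip: str
    sso_issuer: Optional[str]
    sso_hosted_domain: Optional[str]
    mfa_verified_at: Optional[float]  # epoch seconds of the last MFA challenge
    now: float

def evaluate(req):
    """Return (allowed, failed_layer). Layers run in order; any doubt denies."""
    # Layer 1: IP allowlist. Unparseable addresses are rejected, not skipped.
    try:
        addr = ipaddress.ip_address(req.source_ip)
    except ValueError:
        return False, "ip_allowlist"
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d; normalise first
    # so the IPv4 allowlist entries still apply.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if not any(addr in net for net in ALLOWED_NETWORKS):
        return False, "ip_allowlist"
    # Layer 2: SSO. Both the issuer and the workspace domain must match.
    if req.sso_issuer != SSO_ISSUER or req.sso_hosted_domain != WORKSPACE_DOMAIN:
        return False, "sso"
    # Layer 3: MFA must be present, not in the future, and recent enough.
    if req.mfa_verified_at is None:
        return False, "mfa"
    age = req.now - req.mfa_verified_at
    if age < 0 or age > MFA_MAX_AGE_SECONDS:
        return False, "mfa"
    return True, None

if __name__ == "__main__":
    # Constructed request: allowlisted address, matching SSO, MFA 10 minutes old.
    print(evaluate(AccessRequest("203.0.113.7", SSO_ISSUER, WORKSPACE_DOMAIN, 0.0, 600.0)))
```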
At the highest level, the CTO position holds comprehensive infrastructure control privileges. This role carries exclusive rights to modify Render.com services, with access undergoing quarterly security reviews to maintain compliance and security standards. The position's elevated access comes with additional responsibility for maintaining system integrity and overseeing security protocols.
The Screendesk application infrastructure, hosted on Render.com, employs a sophisticated multi-tier architecture designed for both security and scalability. The Web Tier comprises multiple servers operating in a horizontally scaled configuration, allowing for dynamic response to load changes while maintaining consistent security. These servers maintain direct connections to our Redis cache, optimizing performance while operating behind a robust Web Application Firewall.
Our Worker Tier handles background processing through a distributed network of servers, each maintaining secure connections to both our database and S3 storage systems. This tier scales automatically based on workload demands, ensuring consistent performance without compromising security. The separation between web and worker tiers provides an additional layer of security through compartmentalization.
The Database Tier centers around a PostgreSQL implementation with comprehensive security measures. All data remains encrypted at rest, with point-in-time recovery capabilities ensuring data resilience. The database maintains secure connections exclusively with authorized application tiers, preventing unauthorized access while enabling efficient data operations.
The integration of Screendesk into customer helpdesk systems represents a crucial security junction. Our application establishes secure communications through consistent HTTPS/TLS 1.2+ protocols, creating a trusted channel between customer systems and our authentication layer. This integration ensures seamless operation while maintaining rigorous security standards.
Video conferencing follows a carefully designed security path. When a Support Agent initiates a call, the request flows through our helpdesk integration to Whereby's secure video service. Video recordings move directly to Screendesk's S3 storage, eliminating security vulnerabilities that could arise from intermediate storage. This direct path ensures data integrity while maintaining performance.
Screen recording processes follow similarly secure paths. Transmissions flow directly to S3 storage with encryption both in transit and at rest. Our regional storage system respects customer preferences and data sovereignty requirements, storing data in either EU or US regions as specified.
Screendesk's authentication system integrates multiple secure protocols to ensure comprehensive access control. Enterprise customers benefit from SAML 2.0 integration for single sign-on capabilities, while SCIM protocols automate user management securely. Multi-factor authentication adds an essential security layer, with internal users receiving additional protection through Google Workspace SSO integration.
All communications within the system employ TLS 1.2+ encryption, ensuring data privacy during transmission. Our strict HTTPS-only policy combines with Web Application Firewall protection to create a robust security perimeter. For administrative access, IP whitelisting provides an additional security layer, restricting system access to authorized locations only.
Our data management strategy emphasizes security and sovereignty. Regional deployment options in both EU and US territories allow customers to maintain compliance with local data protection regulations. All recordings stored in our S3 system remain encrypted at rest, with access strictly controlled through our authentication layers.
The platform maintains a strict data deletion policy, implementing true hard deletes with a maximum retention period of five days. This policy ensures that when data deletion is requested, it is completely and verifiably removed from all storage layers. Our comprehensive logging and monitoring systems track all access and changes, maintaining an audit trail while enabling real-time threat detection.
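A deletion guarantee of this kind can be checked by reconciling deletion requests against what each storage layer still holds. The audit below is an added example, not Screendesk's code: the record ids, timestamps and inventory format are constructed, and the layer names follow the tiers named on this page.

```python
from datetime import datetime, timedelta, timezone

MAX_RETENTION = timedelta(days=5)  # the maximum retention period stated above

def find_retention_violations(deletion_requests, inventories, now):
    """Return (record_id, layer, overdue) for each copy that outlived the window.

    deletion_requests: {record_id: tz-aware datetime the deletion was requested}
    inventories: {layer_name: set of record ids still physically present}.
    Rows that are only flagged as deleted (soft delete) must be listed as
    present, because the data still exists and a hard delete has not happened.
    """
    violations = []
    for record_id, requested_at in sorted(deletion_requests.items()):
        deadline = requested_at + MAX_RETENTION
        if now <= deadline:
            continue  # still inside the permitted window
        for layer, present in sorted(inventories.items()):
            if record_id in present:
                violations.append((record_id, layer, now - deadline))
    return violations

# Constructed sample data for the audit.
NOW = datetime(2024, 6, 10, 12, 0, tzinfo=timezone.utc)
REQUESTS = {
    "rec-001": NOW - timedelta(days=6),  # overdue by one day
    "rec-002": NOW - timedelta(days=2),  # inside the window
    "rec-003": NOW - timedelta(days=9),  # overdue, but purged everywhere
}
INVENTORIES = {
    "postgres": {"rec-002"},
    "redis": {"rec-001"},            # cached copy left behind
    "s3": {"rec-001", "rec-002"},    # recording object left behind
}

if __name__ == "__main__":
    for record_id, layer, overdue in find_retention_violations(REQUESTS, INVENTORIES, NOW):
        print(f"{record_id} still present in {layer}, overdue by {overdue}")
```

Running the audit per layer matters because a record purged from the database can survive as a cached entry or a stored object.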
Regular security reviews and quarterly access audits maintain the integrity of our security systems, while continuous WAF monitoring provides protection against emerging threats. This multi-layered approach to security and compliance ensures that Screendesk maintains the highest standards of data protection while providing essential services to our customers.