Security and Permissions
Use this section when you need to decide who can join meetings, who can moderate them, and who can see the follow-up afterward. These pages connect identity, meeting access, artifact permissions, export rules, and rollout planning in one place.
After you finish this section, you should be able to describe the security boundary for a meeting from the join link through transcripts, summaries, recordings, and downstream sharing.
Wireframes
Section titled “Wireframes”┌──────────────────────────────────────────────────────────────────────┐
│ Hyper app.hyper.video/security/permissions │
├──────────────────────────────────────────────────────────────────────┤
│ │
│ Artifact permissions │
│ │
│ Applies to: recap, transcript, recording, shared files │
│ │
│ ┌──────────────────────────────────────────────────────────────┐ │
│ │ Audience Members of Product and selected guests │ │
│ │ External share Disabled by default │ │
│ │ Link access Sign-in required │ │
│ │ Retention 180 days for recordings │ │
│ └──────────────────────────────────────────────────────────────┘ │
│ │
│ Exceptions │
│ - Hosts can grant per-meeting access │
│ - Admins can enforce stricter workspace defaults │
│ │
└──────────────────────────────────────────────────────────────────────┘
Admins and meeting owners need a clear view of what can be shared, exported, retained, or revoked.
When to use this section
Section titled “When to use this section”- You need a security review path for video, AI outputs, and recap artifacts together.
- Workspace admins must define what guests, members, hosts, and downstream integrations are allowed to access.
Before you start
Section titled “Before you start”- Set workspace join policy and role model before enabling broad external collaboration.
- Decide whether summaries, recordings, and transcripts share the same audience or need separate controls.
- Document retention, deletion, and export policy before routing artifacts into other systems.
What this section covers
Encryption
End-to-end encryption by default — your meeting content is encrypted before it leaves your device and only decrypted for authorized viewers. No feature trade-offs: transcription, search, and AI work with E2EE.
Permissions
Fine-grained controls over who sees transcripts, recordings, and exports. Per-meeting and workspace-level settings. Guests get only what you share. Admins can enforce org-wide policies.
Compliance
SOC 2 Type II certified, GDPR compliant, and built for regulated industries. On-device AI means less data in the cloud. Audit logs, retention controls, and admin tools for enterprise governance.
Key workflows and controls
End-to-end encryption
- E2EE by default — no opt-in required
- Meeting content encrypted before it leaves your device
- Only authorized participants can decrypt
- No feature trade-offs: transcription, search, and AI work with E2EE
Fine-grained permissions
- Control who sees transcripts, recordings, and exports
- Per-meeting and workspace-level settings
- Guests get only what you explicitly share
- Workspace admins can enforce org-wide policies
Artifact access controls
- Separate controls for transcripts, recordings, and exports
- Restrict access by role, meeting, or workspace
- Audit who accessed what and when
- Revoke access when people leave or projects end
On-device AI processing
- Transcription, translation, and summarization run locally
- Meeting audio and text never leave your machine
- No cloud uploads for AI — complete privacy
- Same accuracy and speed as cloud alternatives
SOC 2 Type II compliance
- Independently audited SOC 2 Type II certification
- Security controls verified by third-party auditors
- Annual audits to maintain certification
- Available upon request for enterprise customers
How the workflow fits together
Encrypt
Meeting content is encrypted on your device before transmission. Keys are derived from your credentials and never leave your control. End-to-end encryption applies to recordings, transcripts, and shared artifacts.
Process locally
AI runs on your device. Transcription, translation, and summarization happen locally — no audio or text is sent to our servers or third-party AI providers. You get full AI capabilities with zero-knowledge architecture.
Control access
You decide who sees what. Fine-grained permissions for transcripts, recordings, and exports. Workspace admins set defaults; meeting owners override per call. Audit logs track access for compliance.
Common starting points
Healthcare teams
- E2EE and on-device AI protect PHI — no cloud processing
- Fine-grained permissions for patient discussions
- SOC 2 Type II and HIPAA-aligned controls
- Audit logs for compliance and incident response
Legal firms
- Zero-knowledge architecture for privileged communications
- Artifact access controls for case-sensitive meetings
- Retention and export controls for discovery
- Client matter isolation via workspace permissions
Financial services
- E2EE by default for confidential discussions
- SOC 2 Type II for regulatory requirements
- Admin controls for compliance and oversight
- Data residency options for regional requirements
Questions that come up often
How does guest access work?
Guests can join meetings with limited permissions. By default, they see only what you share — transcripts, recordings, or summaries. You control visibility per meeting. Guests don't get access to your workspace or other meetings unless explicitly granted.
What are the retention options?
Workspace admins configure retention for meetings, transcripts, and recordings. Options range from immediate deletion after a period to indefinite retention. Exports can have separate retention rules. You control how long data is kept.
Can I export my data?
Yes. Export transcripts, summaries, and recordings in standard formats. Exports respect permissions — you can only export what you have access to. Workspace admins can restrict export capabilities if needed for compliance.
What admin controls are available?
Workspace admins can set default permissions, retention policies, and integration access. Audit logs show who accessed what. Admins can revoke access, disable features, and enforce org-wide security policies. SSO and SCIM available for enterprise.
Are there limitations with E2EE?
We've designed our AI and search to work with E2EE — no feature trade-offs. Transcription, translation, summarization, and search all work with end-to-end encryption because processing happens on-device. Some third-party integrations may have different constraints.
Where is my data stored?
Encrypted meeting content is stored in our infrastructure with geographic controls. We offer data residency options for customers who need data to remain in specific regions (e.g., EU). Contact us for enterprise data residency requirements.
Related tasks
Limitations and rollout notes
Section titled “ Limitations and rollout notes ”- The exact control surface can vary by workspace rollout and deployment requirements.
- External integrations introduce additional policy decisions because artifacts leave the core meeting system.
Troubleshooting
Section titled “Troubleshooting”Security policy feels inconsistent across meeting artifacts
Section titled “Security policy feels inconsistent across meeting artifacts”- Separate meeting access from artifact access in your rollout plan instead of assuming they are the same thing.
- Audit defaults for transcripts, recordings, summaries, and exports individually.
- Review host overrides to confirm they stay inside the bounds your admins intended.