Our Security Standards

We secure your conversations with enterprise-grade encryption, rigorous access controls, and continuous monitoring.

Encryption

  • At Rest: All recordings, transcripts, and metadata are encrypted using AES-256.
  • In Transit: All data moving between your device and our servers is protected by TLS 1.3.
  • Keys: Database encryption keys are managed via a secure Key Management Service (KMS).

Access control

Harmony uses a strict permissions model to ensure users only see what they are supposed to see.

  • Owner/Admin: Full access to workspace settings and billing. Can view all team recordings if configured.
  • Member: Can record meetings and view recordings shared with them or their team.
  • Viewer: Read-only access to specific shared links. Cannot record or edit.

Single Sign-On (SSO)

Enterprise customers can enhance their organization's security by enforcing SAML 2.0 Single Sign-On (SSO). With SSO enabled, users authenticate using their company’s identity provider, centralizing access control and streamlining the login process. Harmony supports a range of popular SSO providers, including Okta, Google Workspace, Azure Active Directory, and OneLogin, as well as any custom SAML-compliant system.

When SSO is enforced, user provisioning becomes automated through Just-In-Time (JIT) creation and group mapping, allowing users to be added to the platform automatically as they log in, and to be placed in the appropriate teams or groups according to the identity provider's settings. This not only reduces administrative burden, but also ensures that access permissions remain up to date as employees join, move between, or leave teams.

For maximum security, enterprise administrators can configure accounts such that all users must sign in through SSO, effectively disabling legacy username/password access. This minimizes the risk of credential theft and helps organizations meet compliance requirements for secure identity management.

Infrastructure security

Cloud Provider: Harmony is hosted exclusively on leading cloud platforms—Amazon Web Services (AWS) and Google Cloud Platform (GCP)—leveraging their robust physical security, automated redundancy, and disaster recovery capabilities. Both platforms maintain independent SOC 2 Type II certifications, ensuring compliance with industry standards for security, availability, and confidentiality.

Network Security: All network traffic is continuously inspected and protected by a multilayered security stack, including Web Application Firewalls (WAF) to block malicious traffic, enterprise-grade Distributed Denial-of-Service (DDoS) mitigation services to prevent service disruptions, and real-time intrusion detection/prevention systems (IDS/IPS) that monitor for suspicious activity and policy violations 24/7.

Audits & Testing: Our infrastructure undergoes regular security audits, including scheduled third-party penetration testing by independent cybersecurity firms. We also perform automated and manual vulnerability scans covering application, network, and infrastructure layers to proactively identify and address potential risks before they can be exploited.

Certifications: Harmony is currently in the process of obtaining SOC 2 Type II and ISO 27001 certifications. Our security controls and processes are already built to meet the requirements of both frameworks, and our formal audit is underway.

Incident response

In the unlikely event of a security incident:

  • We have a 24/7 security response team.
  • We commit to notifying affected customers within 72 hours of a confirmed breach.
  • We maintain a transparent status page for system availability.

Report a vulnerability: If you find a security issue, please contact [email protected]. We maintain a responsible disclosure program.