← Back to Getting Started

Data privacy and compliance

How rtcStats handles data privacy, GDPR compliance, and data sovereignty for WebRTC metrics.

Privacy is a core design principle of rtcStats. The platform's architecture is built to ensure you can collect and analyze WebRTC metrics without compromising user privacy or violating data protection regulations.

Privacy by design

rtcStats uses a three-layer architecture specifically designed with data sovereignty in mind:

  1. Collection (rtcstats.js) - collects raw metrics in the user's browser
  2. Mediation (rtcstats-server) - runs in your infrastructure, giving you full control over what data leaves your environment
  3. Analysis (rtcstats.com) - receives only the data you choose to share

This means you decide what gets sent to rtcstats.com - and what stays within your own infrastructure.

Data anonymization

By default, rtcstats-server anonymizes all data that is sent by rtcstats-js clients.

Anonymization includes obfuscation of all IP addresses prior to saving rtcstats files to storage. This ensures that any and all data stored by rtcstats-server does not contain PII. This also means that any files uploaded via rtcstats-server to rtcstats.com are anonymized as well.

What data does rtcStats collect?

rtcStats collects the data via rtcstats-js client SDK. This includes:

  • WebRTC getStats() metrics (technical, non-PII by nature)
  • Trace events (ICE candidates, SDP, state changes)
  • Device information (camera, microphone, speaker names)
  • Network information (IP addresses, candidate types)
  • What is NOT collected (audio/video content, screen content, chat messages)

On the wire, data is always sent via a secure WebSocket from the rtcstats-js client to the rtcstats-server.

IP addresses are exposed in getStats() and trace events. These are anonymized by rtcstats-server and are never passed to rtcstats.com.

Data residency

rtcstats.com stores the data in a US data center, using a reputable IaaS provider.

The data itself is encrypted at rest as part of the database configuration.

Enterprise accounts have an alternative self-hosting storage option available.

Data retention

Data retention depends on your plan:

  • Free: 1 month
  • Developer: 3 months
  • Enterprise: 3 months (custom retention available)

After the retention period, files and analysis results may be permanently removed from the system. There is no guarantee as to the time of removal.

Self-hosted deployment

For organizations with strict compliance requirements, the entire collection and mediation layer can run within your infrastructure. Only analyzed results (with anonymized data) need to reach rtcstats.com - and even that is optional.

Questions?

If you have specific compliance or data privacy questions, contact us. We're happy to discuss your requirements and provide documentation for your compliance team.

Was this page helpful?

Previous Article

Embeddable viewer

Embed rtcStats session analysis directly in your own dashboard or support tools.