Architecture and security overview
Overview
Meeting Canary is built as a native extension on top of Microsoft Office 365 and the Microsoft Graph. Our architecture is designed with a Privacy-by-Design philosophy: we do not create persistent copies of your meeting content or transcripts. Your sensitive meeting content stays where it belongs, within your existing Microsoft environment, while we provide the intelligence layer to process it in real time.
Our Azure-hosted bot processes information in real time. Once a session is complete, no meeting content, transcripts, or personal data are stored on our servers.
Because we are hosted on Azure, all data processing occurs within the same enterprise-grade infrastructure that powers Office 365. We utilize Azure AD (Entra ID) for authentication. Meeting Canary never sees or stores user passwords.
We request only the minimum scopes required via the Microsoft Graph to perform specific tasks, ensuring we never have over-privileged access to your environment. All data in transit between your tenant and our Azure service is protected using industry-standard TLS 1.2+ encryption.
Identity management
Meeting Canary integrates with each customer’s Azure AD for authentication. This means that you are in full control, through your Azure AD, of password policies, multi-factor authentication, conditional access policies, which users are allowed to use Meeting Canary, etc.
Meeting Canary also allows guests (persons not members of your organization) to be invited to meetings. Guest users are managed in Azure AD through its guest feature. This means that if you don’t allow guests to be invited into your organization, or you have some partial restrictions on guests, those will apply to the use of Meeting Canary, too.
In addition, except for the permissions required to join meetings, Meeting Canary only uses delegated permissions for the Microsoft Graph. This means that Meeting Canary always runs in the context of a signed-in user, with the permissions that user has in your Office 365 tenant. See "Meeting Canary Microsoft Graph permissions explained" for more details on what permission levels are needed.
This also means that no Meeting Canary employees have access to your data.
Meeting content
During a meeting, Meeting Canary has access to the video/audio streams of the participants. This data is used to create insights and measure meeting effectiveness while the meeting is in progress. The raw video, audio or transcript data is never stored or persisted in our database. Only metrics relating to events, such as when people joined and left, when people spoke or turned their camera on or off, meeting duration, etc., are stored.
- We don’t hold transcripts of meetings.
- We don’t hold audio or video recordings of meetings.
- We don’t hold summaries of meetings. (If enabled for your organisation, these are stored in your Teams tenant chat, accessible only to those to whom you give permission.)
- We don’t hold action points from meetings. (If enabled for your organisation, these are stored in your Teams tenant chat, accessible only to those to whom you give permission.)
- When a meeting has completed, we cannot see, read or listen to what was discussed.
Personally Identifiable Information (PII)
In order to provide the functionality in Meeting Canary and to ensure we show the relevant data to the correct person, we need to be able to identify each meeting participant. We therefore track each participant's name, email and Active Directory Object ID. This information is never shared with any third party.
Hosting
Meeting Canary is built on top of Microsoft Office 365 but also has Meeting Canary specific services hosted on the cloud platform Azure. These Azure services are all located within Europe and abide by GDPR.
Data storage
Meeting Canary Azure services are used to maintain a database of object relations for objects such as meetings, participants, etc. specific to Meeting Canary.
Encryption
Data in transit is secured using HTTPS/TLS.
Meeting Canary uses Azure Database for data storage and leverages its built-in features for encryption at rest and in transit.