1. Introduction

Vedeeo is a SaaS platform that enables businesses with physical showrooms to offer live video consultations to their customers through WebRTC-based video streaming. This compliance document outlines Vedeeo’s approach to legal, ethical, and regulatory requirements across jurisdictions including India, the United States, and Europe. We are committed to data privacy, platform security, and responsible usage in accordance with applicable laws.

2. Jurisdictional Compliance

2.1 India Compliance

- Information Technology Act 2000: Vedeeo adheres to the IT Act and associated rules including intermediary guidelines and due diligence.
- MeitY Guidelines: Vedeeo follows MeitY’s advisory for real-time communication platforms, including data storage norms and safe harbor obligations.
- Digital Personal Data Protection Act (DPDPA): Customer data is collected, stored, and processed with consent and transparency as per the DPDPA.
- Call Monitoring: While video calls are not recorded unless opted in, metadata and call logs are maintained in encrypted formats. Businesses are encouraged to self-monitor agent behavior.

2.2 United States Compliance

- Children’s Online Privacy Protection Act (COPPA): Vedeeo is not directed at children under 13 years of age.
- California Consumer Privacy Act (CCPA): Vedeeo allows California residents to access, modify, or delete their personal data on request.
- Federal Communications Compliance: Live call systems use encrypted WebRTC channels and comply with FCC and FTC guidance for consumer transparency and communication privacy.

2.3 European Union Compliance

- General Data Protection Regulation (GDPR): Vedeeo obtains lawful consent before collecting personal data from EU residents. Users have rights to data access, correction, and erasure.
- Data Minimization: We collect only the data necessary for call facilitation, session feedback, and AI summarization.
- Data Localization: All EU data is processed on GDPR-compliant cloud servers with role-based access.

3. Security Practices

- WebRTC streams use DTLS-SRTP encryption for real-time video and audio.
- Backend services run on secure AWS infrastructure with VPC-level isolation.
- Access to recordings and metadata is restricted based on user roles.
- Regular penetration testing and internal audits are conducted.
- All admin and business-facing dashboards are secured using multi-factor authentication (MFA).

4. Data Retention and Privacy

- Vedeeo retains video call metadata and AI summaries for up to 12 months depending on the subscription tier.
- Audio recordings are optional and stored securely on encrypted S3 buckets.
- Personally Identifiable Information (PII) is never shared with third parties without user consent.
- Customers may request data access or deletion via email or their business dashboard.

5. Lawful Use of Platform

- Businesses must not misuse the video platform for scams, false representations, or abuse.
- Any illegal activity including harassment, impersonation, or recording without consent is prohibited.
- Vedeeo reserves the right to suspend or terminate accounts found in violation of these terms.

For more information, please contact our legal team at hi@vedeeo.com