Security & Privacy
Where does your system run and where is data housed?
Switchboard uses modern, hosted, cloud infrastructure for all its services and storage.
Are you SOC 2 compliant? What about ISO 27001, HIPAA, ...?
Switchboard has been certified as SOC 2 type 2 compliant. A report is available to customers upon request by emailing firstname.lastname@example.org.
If your company requires ISO 27001, HIPAA, or other compliance standards, we would love to hear more. Please email us at email@example.com.
Has your infrastructure undergone a penetration test?
Yes. A report is available to customers upon request.
What kind of data do you store? What do you do with the data?
How do you secure my data?
All traffic between your client and our infrastructure is encrypted in flight. All data stored in our infrastructure is encrypted at rest. We use state-of-the-art algorithms and key management and regularly audit our configurations.
What kind of access do you have to my sessions and data? How can I trust that you won't do something you shouldn't?
Switchboard designs its systems according to the Principle of Least Privilege. Switchboard uses state-of-the-art tools to lock down its systems. Only in response to specific incidents or customer-support requests, only for a limited scope and duration, and only after a strict approval procedure, may an incident responder access internal infrastructure.
We believe that trust is hard to earn and easy to lose, and we encourage customers to trust, but verify. We're happy to walk customers through our policies and access controls.
Do you sell my data?
No, and we never will. Switchboard is an old-fashioned company that asks our customers to pay us in return for providing the value of a useful service.
Can I self-host Switchboard on my own infrastructure?
Not yet. If you're interested in this feature, please email us at firstname.lastname@example.org.
How can I report a security issue?
Thank you for taking the time and effort to help us improve security. Please email your report to email@example.com.
Workspaces, rooms, and content
Who can join my Switchboard workspace?
Switchboard requires all users to authenticate themselves using either OAuth 2.0 or email address and email code verification.
You can invite full members to your workspace specifically by email address, you can approve email domains so that anyone with a validated address can join as a full member, and you can additionally invite specific people as limited members to individual rooms.
Who can see and join my workspace rooms?
Full members of your workspace can join all public rooms. Private rooms can only be joined by invitation.
Limited members can only join the rooms that they've been specifically invited to.
One-time guests can join a room only: (i) specifically by confirmation from a room member or limited member already in the room; (ii) for the duration in which a room member or limited member is in the room.
What happens when a person is removed from my workspace or a room?
When a person is removed from a workspace, they can no longer browse or join any rooms in the workspace. Any content that they've uploaded to rooms remains until deleted by another user. However, the removed person can no longer access any content in the workspace.
When a person is removed from a private room, or a limited guest is removed from a room, the person can no longer see or join the room. Content they've added to the room remains, and they can no longer access it.
If I add documents, notes, annotations, or other content to a room, who can access it?
Any workspace member, limited room member, or one-time guest can view rooms' documents. They can also view and edit notes and other content. One-time guests can only view chat messages that were sent after they joined the room.
Access to documents and other content is only allowed from inside a room, so the room access model (see above) gates access to content.
What happens when I delete a document, note, or other content from a room?
Immediately after deletion in the UI, the deleted content is no longer accessible from within the room. The content's underlying storage is eventually permanently deleted. We are in the process of complying with GDPR, CCPA, and other relevant regulations. If you have further questions about this, please email us at firstname.lastname@example.org.
What happens when I archive a room?
When you archive a room in Switchboard, the room becomes inaccessible to all users. All content in the room is preserved securely in the event that the room needs to be unarchived in the future. Note: viewing a list of archived rooms and the ability to unarchive rooms are not currently implemented but are on our roadmap.
What happens when I delete a workspace?
To delete a workspace from Switchboard, email our support team at email@example.com. Once we process your request, your workspace and all associated data will be removed.
When I add my calendars to Switchboard, who can access them?
Interfacing directly with the multitude of calendar APIs and services is extremely complex and error-prone. So to provide an optimal user experience and cost-effective service, Switchboard works with a third-party vendor to manage calendar access. Like Switchboard's other service vendors, our calendar service adheres to security, privacy, and compliance standards that are as strict as or stricter than Switchboard's own.
When your calendar data is in flight through Switchboard infrastructure, it is protected by all the security and privacy controls described here. Additionally, Switchboard does not store any calendar event data in its infrastructure.
Can other users see my calendar data?
No. Within your Switchboard workspace, your calendar data is private to you.
Outside of Switchboard, you of course may add invitees to events or otherwise share your calendar.
When I disconnect my calendars from Switchboard or my workspace is deleted, what happens to my calendar data?
When you disconnect your calendar from all linked Switchboard workspaces, we immediately remove any access tokens related to your calendar account. At that time, all calendar data is queued for deletion and processed within 3 days. The same process is used in the event that your account is deleted as part of a workspace deletion.
When I open a link in a Switchboard room, who can see the browser on canvas?
Initially, everyone else present in the room can see the browser. You can choose to hide the browser from everyone other than yourself.
Who can control my browsers?
For sites like Wikipedia, news outlets, simple single-player games, etc., everyone present in a room can view open browsers unless the content has been hidden by the browser owner. Browser owners can keep their browsers in this “View Only” mode, or they can provide “Shared Control” permission so that anyone in the room can interact with a particular browser. When a browser is set to “Shared Control” there is only one scroll position, focus of input events, state of the DOM, etc., for everyone in the room. If anyone in the room scrolls the browser, for example, then everyone else in the room sees the scroll position update in real time. Shared control lasts until the browser owner removes the permission (with a simple toggle) or until the end of the current Switchboard session. Shared control ends immediately if the browser owner leaves the room. A vast majority of content on the web works well in this co-browsing experience.
However, many of the modern web apps you frequently use are "multiplayer." That is to say, multiple users can view and control the same underlying resource at the same time; for example, a Notion page or Google doc. When multiple users are viewing or editing the same resource concurrently, the app UI shows presence indicators for the other users like avatars, pointers, carets, and so forth.
Switchboard handles multiplayer apps specially. When you want to control a multiplayer browser that you didn't add to the canvas yourself, you will get your own view and control of the shared resource (again, think of a Notion page or Google doc). Then anyone else viewing the shared resource will see your presence indicators in the UI, and you are free to edit, scroll around, etc., in the shared resource without affecting the views of others. Alternatively, a browser owner can also choose to give Shared Control permission to a browser running a multiplayer site if that experience is desired.
Can someone control my browsers when I leave a room?
No. When you leave a room, your running browser instances are destroyed. If you later rejoin the room, the browser instances are launched again by default. Only the URL and a small amount of associated metadata are stored on Switchboard infrastructure while you're not in the room.
What happens when I log into a browser in Switchboard? Do you record my keystrokes?
Your client connects to the browser instance running in Switchboard's infrastructure. Your client captures input events targeted at the browser on canvas and forwards them to the cloud browser instance. All traffic is encrypted in flight. When the forwarded input events enter Switchboard's infrastructure, they are protected by all the security and privacy controls described here. In particular, they are never recorded by Switchboard. This is very similar to how a secure remote-desktop system works.
Do you store my passwords?
No, Switchboard never stores any data you enter into browsers.
Can other users see my passwords when I enter them?
No. Switchboard automatically hides your entire browser whenever a password input field is focused.
It's still possible to accidentally reveal sensitive information to other people present in a room — just like in a Slack channel or any other communication tool — so use judgment in whom you invite to rooms, and common sense in what you share.
Do you store cookies and other browser state?
Switchboard stores cookies and local storage items securely within Chrome’s encrypted cookie store, as it would locally on your browser. We take additional security precautions by encrypting the storage volumes that contain the already encrypted cookie store. No cookies or local storage items are ever stored in plain text, either at rest or in flight. Additionally, Switchboard’s infrastructure is designed such that no part of Switchboard can ever access your encrypted profile, other than Chrome itself, which is already highly secured to store cookies.
Do I have to log into websites every time I join a room?
No. When you log into a website within a browser, your encrypted storage volume is mounted, and Chrome uses your encrypted cookies as it would locally on your browser.
How are my browsers isolated from other users'?
Switchboard applies the principle of Defense in Depth to isolate your browsers. Browsers' web content runs in hardened web runtimes and virtual machines within operating-system sandboxes. Browsers are further isolated in "containers", using additional kernel protections.
In no case do browser instances for different users ever share data, other than through user actions taken through the web apps themselves (such as collaborating on a Notion page, for example).
Follow and Present
How do Present and Follow work?
At any time, anyone in a room can present their view of the canvas to other people in the room. This means that others in the room will see the presenter's view of the presenter's multiplayer browsers. However, the people being presented to (i) cannot control the canvas or browsers; (ii) cannot see browsers that the presenter has hidden.
At any time, anyone in a room can follow another person to see their view of the room. This is like a 1:1 Present Mode initiated by the follower instead of the presenter. The same restrictions apply as for Present Mode.
Do Present and Follow expose data or control to others in the room?
A presentee or follower is not allowed to control a presenter or followee's view of the canvas. Another person in a room might follow you without your knowledge; you might find this surprising in some cases.