Security & Architecture

Last updated: February 20, 2026

This page describes the technical architecture of MonkeyThorn Meet so you can evaluate whether it meets your security requirements.

Encryption

Transport encryption: TLS 1.3 for all HTTP/WebSocket connections. DTLS-SRTP for all WebRTC media.
End-to-end encryption: AES-GCM via WebRTC Insertable Streams. Enabled by default using a passphrase in the URL fragment (never sent to server).
Key exchange: Passphrase-based. The passphrase is included in the invite link's hash fragment, which browsers do not transmit over the network.
Server access to media: When E2EE is active, the server relays encrypted frames it cannot decrypt. Without E2EE, the SFU has access to unencrypted media for routing purposes only — it does not store or process it.
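
The passphrase-in-fragment key exchange described above, as an added JavaScript example (not MonkeyThorn Meet or LiveKit code): it splits a constructed invite link into the part a browser sends and the fragment it keeps, then uses the fragment as the AES-GCM passphrase for one frame. The link, the `/r/` path, the PBKDF2 parameters and the salt are assumptions; the page states only that the key is passphrase-based.

```javascript
// Web Crypto is global in browsers and current Node; require() is an old-Node fallback.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const enc = new TextEncoder();

// Split an invite link into what goes on the wire and what stays in the browser.
function splitInvite(link) {
  const u = new URL(link);
  return {
    host: u.host,                                    // visible to network and server
    requestTarget: u.pathname + u.search,            // sent in the HTTP request
    passphrase: decodeURIComponent(u.hash.slice(1)), // fragment: not sent
  };
}

// Assumption: PBKDF2-SHA-256, 100000 iterations, fixed constructed salt.
// The page states only "passphrase-based" and "AES-GCM".
async function deriveKey(passphrase) {
  const material = await wc.subtle.importKey(
    'raw', enc.encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', iterations: 100000,
      salt: enc.encode('constructed-demo-salt') },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Seal one frame as iv || ciphertext || tag: the only bytes a relay would see.
async function sealFrame(key, frame) {
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh IV per frame
  const ct = new Uint8Array(await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, frame));
  const out = new Uint8Array(iv.length + ct.length);
  out.set(iv);
  out.set(ct, iv.length);
  return out;
}
async function openFrame(key, sealed) {
  const iv = sealed.slice(0, 12);
  return new Uint8Array(await wc.subtle.decrypt({ name: 'AES-GCM', iv }, key, sealed.slice(12)));
}

// Sender seals, a holder of the fragment opens, and a party holding only the
// server-visible part of the link fails the GCM tag check.
async function demo(link) {
  const invite = splitInvite(link);
  const sealed = await sealFrame(await deriveKey(invite.passphrase), enc.encode('constructed audio frame'));
  const opened = await openFrame(await deriveKey(invite.passphrase), sealed);
  const serverOnlyFails = await openFrame(await deriveKey(invite.host + invite.requestTarget), sealed)
    .then(() => false, () => true);
  return { roundTrip: new TextDecoder().decode(opened), serverOnlyFails, sealedLength: sealed.length };
}
```

Calling `demo('https://meet.example.test/r/abc123xyz#correct-horse-battery')` with this constructed link resolves to the recovered frame text, a failed decryption for the server-visible key, and the sealed length.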

Infrastructure

Hosting: AWS EC2, US East (N. Virginia). Single-tenant instance — not shared with other customers.
Media server: LiveKit — open-source WebRTC Selective Forwarding Unit (SFU). No proprietary media processing.
TLS certificates: Issued by Let's Encrypt, managed by Caddy with automatic renewal.
Recording capability: Not installed. LiveKit supports recording via its Egress service, but we do not deploy it. There is no mechanism to record calls.
AI/ML processing: None. No transcription, sentiment analysis, or model training services are deployed or connected.

Data Flow

  1. Your browser connects to our server via HTTPS to get a session token (JWT).
  2. Your browser establishes a WebSocket connection to the LiveKit server for signaling.
  3. Media (audio/video) flows via WebRTC directly to the SFU over DTLS-SRTP.
  4. With E2EE enabled, media frames are encrypted in your browser before being sent. The SFU forwards the encrypted frames without decryption.
  5. When the call ends, all session state is discarded. Nothing is written to disk.

What the Server Knows

Your IP address: Visible during the connection (required for WebRTC). Not logged beyond standard infrastructure operation.
Room existence: The server knows a room exists while it has active participants. Room names are random 9-character codes.
Participant count: The server knows how many participants are in a room (required for routing media).
Call duration: For paid accounts, connection duration is tracked for billing. For free tier, not tracked server-side.

What the Server Does Not Know

  • Your name (display names are not logged)
  • Who you called (participant identities are not logged)
  • What you said (media is not processed or stored)
  • What you typed in chat (data channels are not logged)
  • Your E2EE passphrase (URL fragments are never transmitted)

Third-Party Dependencies

  • LiveKit (open source, Apache 2.0) — Media routing
  • Stripe — Payment processing only
  • Redis — In-memory room state (no persistent storage)
  • Caddy — TLS termination

No analytics SDKs, no tracking scripts, no external fonts, no CDN dependencies beyond what is bundled in the application.

Vulnerability Reporting

If you discover a security vulnerability, please contact MonkeyThorn Meet support. We will respond within 48 hours.