Stream Trust Center
Keeping our customer data safe and secure is our top priority. We take threats very seriously and work hard to protect our customers and their data. Stream uses a variety of industry-standard technologies and services to secure your data from unauthorized access, disclosure, use, and loss. All Stream employees undergo background checks prior to employment and are trained on security and privacy best practices during company onboarding and on an annual basis. Security is directed by Stream’s VP of Information Security, and all the teams within Stream collaborate and share responsibilities to continuously improve our security posture.

Compliance

SOC 2 Type 2

A SOC 2 Type 2 report is an internal controls report that captures how a company protects customer information and how well those controls are working. Stream maintains an annual SOC 2 Type II report.

ISO 27001

ISO/IEC 27001 is an international standard for managing information security. Stream is ISO 27001:2022 certified.

GDPR

The GDPR (General Data Protection Regulation) is an EU regulation that significantly enhances the protection of the personal data of EU citizens and increases the obligations of organisations that collect or process personal data. Stream is GDPR compliant.

HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law requiring national standards to protect ‘Protected Health Information’ (PHI) from being disclosed without the patient's consent or knowledge. Stream is HIPAA compliant.

CCPA

The California Consumer Privacy Act (CCPA) establishes and enhances consumer privacy rights for California residents and imposes rules on businesses that handle their personal information. Stream is CCPA compliant.

Resources

ISO 27001 Certificate

Stream currently complies and is certified for ISO 27001:2022. Our ISO 27001 Certificate is available for download.

ISO 27001 Report

Stream is audited annually for compliance with the ISO 27001 standard. The audit is performed by A-lign. Our latest ISO 27001 Report is available for download.

SOC 2 Type II Report

Stream is audited as part of SOC 2 compliance to attest to the excellence of our controls in the domain of security. The audit is performed by A-lign annually, with a yearly audit window. Our latest SOC 2 Type II Report is available for download.

Security, Compliance & Privacy FAQ

Please download our FAQ document to see the answer to the most frequent Security, Compliance, and Privacy related questions.

Stream Subprocessors

Terms & Conditions

Privacy Statement

Cookie Statement

Data Processing Addendum

FAQs

Yes, Stream complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). For further information, please refer to the Data Privacy Framework List: https://www.dataprivacyframework.gov/list
Yes, Stream complies with the Security Rule, Privacy Rule and Data Breach Notification Rule as specified by the Act. Furthermore, Stream has implemented adequate technical controls to ensure compliance with the mandatory rules.
Stream is ISO 20243 certified, in addition to the certifications mentioned above. The register is available here: https://certification.opengroup.org/register/ottps-certification (Stream.io, Inc)
Please note that Stream's default terms and conditions do not allow Customers to process PHI by default. Should you need to process PHI, please reach out to your Stream representative and we will provide further instructions on the next steps.
We provide API endpoints that allow each Customer to always access their data, delete it, edit it and otherwise manage it.
In order to perform security testing against Stream systems and applications, it is necessary to get written authorization from Stream and agree on the Rules of Engagement. Performing security testing without authorization might trigger controls (i.e., rate limiting, WAF) aimed at preventing too much traffic or malicious traffic.
Stream does not natively support end-to-end encryption (E2EE). However, it is still possible to implement it using an external library. See the following pages for more information: https://getstream.io/blog/hipaa-chat/ and https://github.com/GetStream/stream-e2ee-chat/
Should you have further questions or need more details on Stream's Security posture, please reach out to your Stream representative.

Monitoring