Is Jitsi safe enough for therapy?

Hello!

I live in Denmark and want to offer online psychological counselling and therapy through videochat. I have to comply with GDPR and I have to make sure everything is absolutely private. Jitsi looks like it’s perfect - almost too perfect. I have read the privacy terms, but I’m still not sure. So…

Is the videostream in Jitsi Meet as protected as say GoToMeeting or Appear.in? Because I know we are allowed to use those…

You’re asking a legal question to a group of techies, not lawyers, but let me point out that when you send the initial room invite it IS encrypted and the entire video and audio streams are also encrypted. That’s the https standard. But as you know, lawyers can’t agree and can sue for even bogus reasons. Ask whatever group certifies head docs in your country if they consider https encryption reasonable effort. Do it in writing, then show it to your lawyer. You can then show reasonable care was taken.

Good luck

Yeah, I am. Maybe I should have been more specific, because I don’t think my organisation will have the knowledge I seek. My question pertains to, among other things, data collection and storage: Does anyone track or collect data from Jitsi? Is it possible to trace calls or callers? Where is the data stored? Who has jurisdiction over the data? If I want to retrieve any stored data, who do I contact? If I start a videochat, where does the stream go between me and my client… through any private servers, or is it just peer-to-peer directly?

HTTPS is used for the signalling part. The media path is not the same, and for that part a standard browser API called WebRTC is used; you can read more about its security here: https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-19. This is the same API and security used by the other software products mentioned in the first post.
The data collected is just media statistics, which can be used to analyze call quality and service performance. For that, on meet.jit.si we use https://callstats.io; for its data storage you can check their website; they are GDPR compliant. No personal information is either collected or stored.
About where the media flows: if there are 2 participants, media will go directly if possible; if not, a relay server can be used. When there are more than 2 participants, the media flows between the participants and jitsi-videobridge.

2 Likes
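
The media-path answer above can be checked from the browser's WebRTC statistics. The following is an added example, not part of the thread or Jitsi's own code; it assumes input from the standard `RTCPeerConnection.getStats()` API, and the sample reports and addresses in it are constructed.

```javascript
// Classify the media path of a WebRTC call from its statistics.
// `report` is an RTCStatsReport from RTCPeerConnection.getStats(), or any
// Array/Map of stats objects with the same fields.
function classifyMediaPath(report) {
  const stats = new Map();
  for (const s of report.values()) stats.set(s.id, s);
  const all = [...stats.values()];

  // Preferred source: the transport names the candidate pair in use.
  const transport = all.find((s) => s.type === "transport" && s.selectedCandidatePairId);
  let pair = transport && stats.get(transport.selectedCandidatePairId);
  // Fallback for browsers that do not expose transport stats.
  if (!pair) {
    pair = all.find((s) => s.type === "candidate-pair" &&
      (s.selected || (s.nominated && s.state === "succeeded")));
  }
  if (!pair) return { path: "unknown" };

  const local = stats.get(pair.localCandidateId) || {};
  const remote = stats.get(pair.remoteCandidateId) || {};
  const relayed = local.candidateType === "relay" || remote.candidateType === "relay";
  return {
    path: relayed ? "relay" : "direct", // "direct" = no TURN relay in the path
    localType: local.candidateType,
    remoteType: remote.candidateType,
    remoteAddress: remote.address || remote.ip, // older browsers use "ip"
    // WebRTC keys SRTP from the DTLS handshake; "connected" means it completed.
    dtlsState: transport ? transport.dtlsState : undefined,
    srtpCipher: transport ? transport.srtpCipher : undefined,
  };
}

// Constructed sample reports (documentation addresses, not from a real call).
const directCall = [
  { id: "T1", type: "transport", selectedCandidatePairId: "CP1",
    dtlsState: "connected", srtpCipher: "AES_CM_128_HMAC_SHA1_80" },
  { id: "CP1", type: "candidate-pair", localCandidateId: "L1",
    remoteCandidateId: "R1", state: "succeeded", nominated: true },
  { id: "L1", type: "local-candidate", candidateType: "srflx", address: "198.51.100.7" },
  { id: "R1", type: "remote-candidate", candidateType: "host", address: "203.0.113.20" },
];
const relayedCall = directCall.map((s) =>
  s.id === "L1" ? { ...s, candidateType: "relay", address: "192.0.2.50" } : s);

console.log(classifyMediaPath(directCall));
console.log(classifyMediaPath(relayedCall));
```

In a live call, pass the result of `await pc.getStats()`. A "direct" result only means no relay server is in the path: in a call with more than two participants the remote endpoint is jitsi-videobridge, so compare `remoteAddress` to tell the two cases apart.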