ArborXR Security Information
As part of our
Enterprise Plan, we offer the ability for you to connect your own cloud storage system to completely isolate your content from other content on our platform. This supports any system compatible with the Amazon S3 APIs.
- Content uploaded to ArborXR (apk, mp4, etc.) are stored encrypted at rest in a private cloud storage bucket.
- Content is stored privately and is not available on the public internet.
- Each action of uploading and downloading content generates an API key with a short expiration that can only be used for downloading or uploading that specific file.
- Content downloads and uploads are done over an SSL connection using HTTPS.
- We currently do not offer a DRM solution so content installed on the VR device are using the security offered natively by the VR device.
- All authentication is run through a central server that utilizes OpenID Connect.
- The ArborXR web interface and desktop Pairing App uses OpenID Connect with a short term refresh tokens that last less than 24 hours and generates very short term access tokens from these.
- Our Client App, installed on VR devices, use offline tokens for refreshing but the same short term access tokens.
- All tokens can be revoked via the ArborXR web interface.
- Our authentication system can integration with existing identity providers and user federation with LDAP or Kerberos.
API / Infrastructure
- All of our infrastructure is hosted on Google Cloud.
- All of our databases and systems are encrypted at rest.
- We do all of our API communication over SSL using GraphQL.
- All databases and internal systems are not accessible to the public web - only our public web applications and an API gateway service.
Have a suggestion or feature request? We'd love to hear!