Zoee was built with privacy and security at the forefront—especially for clients and coaches working in sensitive areas like mental, emotional, physical, or spiritual health. We’ve taken deliberate steps to align with HIPAA best practices.
Video Sessions on Zoee (via 100ms)
Zoee uses 100ms for video sessions. 100ms adheres to rigorous audited standards for data privacy, access, security, and availability.
This includes:
All 100ms calls or data transmissions are conducted through the WebRTC standard, which mandates encryption on all communication channels. All data is encrypted in transit and at rest.
100ms never stores or records audio-video or data streams unless the client explicitly asks 100ms to store recordings. In the most common configuration, recordings are uploaded directly to the customer’s storage bucket—minimizing the collection of Protected Health Information (PHI).
For recordings stored with 100ms, access is strictly controlled to authorized users with audited logs.
100ms has controls and processes in place to monitor and remove any unauthorized access, alteration, or misuse of data, and to prevent unapproved disclosure of confidential information.
100ms never discloses any PHI to third-party providers unless governed by formal disclosure policies.
Zoee ensures that no PHI is included in any 100ms API calls we use.
Additional HIPAA-Aligned Measures at Zoee
In addition to our video provider, Zoee has implemented the following platform-wide measures:
Data encryption: All user data, including session notes and messages, is encrypted at rest and in transit using industry-standard encryption protocols.
Access control: Only authorized users can access sensitive session information. Coaches only see data relevant to their own clients, and clients have full transparency into what’s shared.
Audit logs: Zoee maintains internal logs for access and changes to sensitive session-related data, supporting accountability and traceability.
Secure storage: Files and session recordings (when enabled) are stored in secure, access-controlled environments.
Limited data collection: We collect the minimum necessary information to deliver our services, avoiding unnecessary PHI wherever possible.