We built Desklia with security as a first principle — not an afterthought. Here's exactly how we protect your applications and your data.
All screen and input data is transmitted via WebRTC with DTLS-SRTP encryption. This means your stream is encrypted directly between your machine and the viewer's browser — our servers never see the content of your sessions.
Desklia uses Google OAuth 2.0 for user login — we never store passwords. Agent tokens are hashed with bcrypt before being stored in the database, and Personal Access Tokens (PATs) are used for agent registration rather than raw credentials.
Every endpoint is protected by rate limiting. Authentication attempts are tracked and throttled to prevent brute-force attacks. Connection limits per user prevent resource abuse.
All web traffic is served over HTTPS with strict TLS. HTTP Strict Transport Security (HSTS) headers are enforced. Content Security Policy headers prevent XSS attacks by restricting which resources browsers can load.
Desklia operates on a peer-to-peer model. The content of your sessions — your screen, your keystrokes, your files — is never routed through or stored on our servers. We only store what's necessary to run your account: your email, subscription status, and session metadata.
Found a security vulnerability? We take all reports seriously. Please disclose responsibly by emailing us directly — we'll respond within 48 hours.