Tandem encrypts all communications between servers and clients (chat, data and voice / video) using technologies like SRTP, SSL, and WSS. All of our servers and critical services are secured using 2-factor authentication, and all calls smaller than 5 participants are automatically end-to-end encrypted. Tandem has limited visibility into your apps (only window names, titles & urls) and does not transmit any app data other than what appears to your team.
We use WebRTC for our audio and video streams and HTTPS / WSS for our transport protocols, so the communication we transmit is always encrypted end-to-end. Because we focus on real-time communication, we simply pass through and don’t record your communications, sites, or apps. So there’s very little of your data for a hacker to steal - infinitely less than a document or chat product. (note: We do have direct-messages and in-call chat but it's not the focus of the product. For example, in-call chat will disappear after the call ends).
For performance, small group communication is done over peer-to-peer connections, which is even more secure, as there’s not even a processing server involved in the data flow.
We only show context in a set of work-related apps, and we give users control over what they share with their team.
To get more specific:
We take our users privacy very seriously. We will never eavesdrop on their conversations or record them without their knowledge. We will never store their work data other than information that they voluntarily share with us. We collect data about how our features are used and any errors users encounter for sole the purposes of making the services better and will not be sold for any reason or shared with a third party without the user’s permission.