Security & Safety Commitment

At GoMyID, security is not an optional feature — it is the foundation of our entire platform. Our remote access technology is designed with strict safety principles, advanced encryption, and strong access control mechanisms to ensure that only the right people can access the right devices at the right time. This page outlines our approach to preventing misuse, protecting user data, and ensuring that the platform cannot be exploited for unauthorized or harmful purposes.

Only Authorized Users Can Connect

GoMyID implements a strict authorization model where every action, every connection attempt, and every session request must originate from a verified account inside the customer’s own environment. No third party can initiate a connection, impersonate an operator, or acquire access without authenticated credentials. Each user is bound to a controlled identity within the organization, and administrators maintain full visibility over who is allowed to access specific machines, departments, or teams.

Unlike open or public remote-access systems, GoMyID never exposes machines or endpoints to the open internet. The platform is structured so that only pre-approved operators can send a connection request, and only systems registered to the same organization are visible. This ensures that the remote access surface is extremely narrow and cannot be discovered or approached by outsiders.

Authorization rules can be customized to match internal compliance policies, ensuring that sensitive devices, servers, and business-critical machines are protected by strict permissions. Logging, identity verification, and audit trails further reinforce the rule that unauthorized access simply cannot occur within the GoMyID architecture.

Every Session Requires Explicit Permission

Remote access cannot begin without a clear and deliberate approval step. GoMyID does not allow silent, invisible, or automatic connections into a user’s device. Before any session starts, the receiving side must explicitly grant permission, confirming that the session is expected, legitimate, and authorized. This human verification process prevents misuse, protects end-users, and complies with industry expectations for consent-based remote access.

In corporate environments, administrators can enforce additional confirmation rules such as multi-factor approval, department-level authorization chains, or limited-time access windows. These measures ensure that even authorized operators cannot initiate a connection without device-owner awareness and consent.

This design principle is a crucial part of our safety philosophy: remote access should always be transparent, intentional, and controlled. Nothing inside the platform allows a hidden or background session to begin without the user knowing and approving it.

Encrypted Communication (AES-256)

All communications — including screen data, keystrokes, file transfers, commands, and audio — are encrypted using AES-256 bit transport security. This is the same encryption standard used by leading financial institutions and government-grade communication systems. Every session is wrapped inside a secure tunnel that protects the integrity and confidentiality of the data.

We do not rely on outdated ciphers, insecure fallback protocols, or weak encryption configurations. Encryption keys are never shared between clients, and each session uses its own unique key material, preventing any form of interception or replay attack. Modern forward-secrecy mechanisms ensure that even if a key were somehow compromised, previous sessions would remain protected.

Our encryption model is designed for both cloud and self-hosted environments. Self-hosted customers retain full data sovereignty because all encrypted traffic stays inside the organization’s infrastructure. No unencrypted data, session metadata, or connection content is ever accessible to GoMyID or any third party.

We Do Not Enable Remote Access by Default

One of the most important safety principles of GoMyID is that devices do not become remotely accessible automatically. When GoMyID Agent is installed on a computer, it does not open ports, does not broadcast availability, and does not activate any form of unattended access unless the administrator explicitly enables it.

This prevents accidental security exposure and eliminates the risk of unintended remote access. Administrators must configure and approve which devices can be reached remotely, what type of sessions are allowed, and under which conditions remote access becomes active.

New devices added to the system remain in a "restricted" state until access policies, authorization rules, and operator permissions are configured. This ensures that organizations maintain complete control from the moment GoMyID is deployed. Nothing within our platform automatically grants access or bypasses security checks.

No Anonymous Access, No Public Servers

GoMyID does not support anonymous accounts or shared generic identities. Every user is tied to a verified profile with identifiable credentials, ensuring strong accountability across the system. This prevents misuse, reduces security risks, and provides transparent auditing for compliance requirements.

Furthermore, GoMyID does not operate public relay servers where unknown users can connect freely. All communication happens within the boundaries of the customer’s cloud workspace or self-hosted infrastructure. Public indexing, public networks, or open discovery mechanisms do not exist in our system. This eliminates common attack vectors associated with exposed remote desktop systems.

By eliminating anonymity and removing publicly accessible endpoints, GoMyID ensures that remote access remains a controlled, private, and organization-bound process. External attackers cannot scan for open ports, cannot find reachable targets, and cannot exploit public servers — because none of these components exist in our architecture.

Privacy-by-Design Architecture

Our platform follows a strict privacy-by-design philosophy. From day one, the goal has been to provide remote support and monitoring capabilities without ever violating user privacy, exposing personal data, or collecting content that is not essential for the functioning of the service.

We do not store session recordings, keystrokes, screen content, or personal files unless the customer explicitly enables and configures these features within their own environment. Even when enabled, recorded data is kept entirely under the customer’s control — not on GoMyID infrastructure.

This architecture ensures that organizations can meet internal privacy policies, regulatory expectations, and industry compliance frameworks such as GDPR, ISO-27001, and SOC-2. GoMyID itself does not have operational access to customer sessions or customer data.

Transparent Logging and Full Audit Trails

GoMyID provides detailed logs for every action performed on the platform. Session starts, session ends, permission grants, permission denials, operator activity, file transfers, authorization changes, and administrative actions are all captured inside a structured audit trail.

These logs help organizations:

– Detect unusual behavior
– Investigate issues quickly
– Meet compliance and regulatory requirements
– Ensure that every activity is traceable to a verified user

Audit logs cannot be disabled by operators, and their integrity is protected by built-in safeguards. Administrators maintain control over retention policies, export options, and integration with SIEM systems.

Misuse Prevention as a Core Philosophy

GoMyID is intentionally designed to prevent abuse. Our system architecture, access control model, and permission workflows were built with the understanding that remote access tools must prioritize safety above convenience. While the platform is powerful and flexible, it cannot be used for unauthorized monitoring, secret remote control, or concealed surveillance.

Features such as explicit approval, identity verification, device-owner awareness, logging, and restricted visibility ensure that the product cannot be used silently or without proper authorization. These principles make GoMyID suitable for both corporate environments and regulated industries where transparency and accountability are mandatory.

Conclusion: A Secure and Responsible Remote Access Platform

The core message of GoMyID’s Security & Safety model is simple: We are built to protect, not to be misused. Every layer of our platform — authorization, encryption, identity verification, approval workflows, logging, and infrastructure design — works together to prevent unauthorized access and ensure a fully transparent experience.

Organizations that adopt GoMyID benefit from a controlled, secure, privacy-respecting remote access environment that meets modern security expectations while aligning with compliance standards and responsible usage policies. Whether deployed in the cloud or self-hosted on-premise, the platform provides the safety, control, and trust that businesses require when managing remote operations.