Skip to content
Independently verified · Quarterly re-audit
EU VETTED

Whereby

VERIFIED
Video conferencing · Norway
Founded 2013 · whereby.com ↗

Norwegian browser-based WebRTC video (ex-appear.in, Videonor-owned), no-install meetings + Embedded SDK; ISO 27001 + GDPR + HIPAA.

In short

Whereby, in the Video conferencing category, is a European service with Ireland as its hosting location and at most minor, transient US exposure under the CLOUD Act.

Assessment notes

Whereby (originally appear.in, spun out of Norwegian telecom Telenor as a summer intern project and now owned by Videonor, a Norwegian entity) is a browser-based WebRTC video-calling platform without installs or accounts at the meeting-attendee level; ISO 27001 certified, GDPR and HIPAA compliant, sold as both consumer-style Whereby Meetings and Whereby Embedded (API/SDK for product builders). Norway holds an EU adequacy decision (SCC-free EU↔NO transfers). CLOUD Act flag held at minor reflecting the likely AWS-EU backend (Telenor itself has expanded sovereign-cloud partnerships with AWS) and the absence of explicit hosting-provider disclosure at audit: EU-adequate jurisdiction, ISO 27001 certified, public DPA, but hosting provider not publicly disclosed and no confirmed EU ownership.

CLOUD ACT
OWNERSHIP
SUB-PROCS
0 none disclosed
Verified signals
Jurisdiction
  • EU / adequacy hosting
  • EU / adequacy operator
  • No US CLOUD Act exposure
Transparency
  • Public DPA
  • Sub-processors disclosed
  • Open-source clients
  • Third-party certification
JUMP TO
OVERVIEW

About Whereby

Whereby is a Norwegian browser-based video-meeting platform originally launched as appear.in in 2013 as a summer-intern project inside the Norwegian telecom group Telenor. The product grew a strong user base internationally before being spun out and acquired by Videonor (a Norwegian holding entity) with the brand renamed to Whereby. The core proposition is unusual in the video-conferencing category: no installs, no accounts for meeting attendees, just a URL that opens in any modern browser via WebRTC. The product surface is two-tier: Whereby Meetings for individuals and teams (consumer + business plans), and Whereby Embedded, an API/SDK that lets product builders embed Whereby's WebRTC video into their own applications, competing directly with Twilio Video, Daily, Agora, and Zoom SDK.

Compliance posture is solid for a consumer-friendly video tool: ISO/IEC 27001 certified, GDPR-compliant by design, HIPAA-compliant for US-healthcare customers, and a privacy-first product philosophy carried over from the Telenor engineering culture. The legal entity sits in Norway (EEA member, EU adequacy decision under Art. 45 GDPR, SCC-free for EU↔NO transfers). The underlying infrastructure is not publicly named at audit but, given Telenor's well-documented AWS sovereign-cloud partnership (Telenor's Skygard data centre in Oslo runs AWS sovereign-by-design technology), the most-likely scenario is AWS Stockholm or similar EU-region, which keeps the CLOUD Act flag at minor rather than none under the directory's strict-ownership stance.

Pricing is freemium with a long history of generous free tiers (free unlimited 1-on-1, free group meetings up to 45 minutes); paid plans add custom rooms, branding, longer meetings, advanced controls, recording, and analytics. Embedded pricing is usage-based per video-minute. Best fit: agencies and consultancies needing easy no-install client video calls, educational and healthcare workflows that benefit from no-account meetings, developers building video into their own products via Embedded, and Norwegian / Nordic / European buyers who specifically want a Norwegian-rooted EU-friendly alternative to Zoom and Google Meet.

SUB-PROCESSORS

Sub-processor map · none disclosed

Source ↗
Vendor discloses zero sub-processors. All data processing happens in-house.
CERTIFICATIONS

Frameworks & certifications

ISO/IEC 27001
ACTIVE
FEATURES

Capability matrix

Self-hostable No
Max participants 200 participants
Screen sharing Yes
Recording Yes
End-to-end encryption No
Breakout rooms Yes
Browser join (no app) Yes
INTEGRATION & ACCESS
REST API Yes
SSO (SAML / OIDC) Yes
COMPLIANCE & GOVERNANCE
Audit log Yes
Self-host / on-prem option No
PRICING

Pricing & tiers

FREEMIUM
Custom pricing

Contact vendor for tier or volume pricing.

View pricing page ↗
PUBLIC DOCUMENTS

Public documents

  • Data Processing Addendum (DPA)
    whereby.com/information…
    Open ↗
  • Sub-processors list
    whereby.com/information…
    Open ↗
  • Terms of Service
    whereby.com/information…
    Open ↗
ALTERNATIVES

Alternatives in this category

Element (Matrix)
United Kingdom · Founded 2017
EU-HOSTED

UK-headquartered open-source Matrix protocol commercialisation; powers Bundeswehr BwMessenger + French Tchap + NATO + UN.

Public DPA Sub-processors Open source
FROM
CLOUD ACT
MATERIAL
kMeet (Infomaniak)
Switzerland · Founded 1994
EU-SOVEREIGN

Free Swiss browser-based video meetings (Infomaniak, Geneva, since 1994); no guest account, own Swiss DCs, ISO 27001, no CLOUD Act.

Public DPA Sub-processors Open source
FROM
CLOUD ACT
NONE
Olvid
France · Founded 2019
EU-BASED

French E2EE messenger (Olvid SAS, Paris, founded 2019), ANSSI CSPN certified, mandated for French government ministers; no phone number/identifier, content + metadata encrypted.

Public DPA Sub-processors Open source
FROM
€10/mo
CLOUD ACT
MINOR