We designed Parsec to be secure at its core. Whether you're working on a top-secret project or playing a game with your best friend, your safety is our top priority.
All connections traveling through Parsec are peer-to-peer. They never transit Parsec's infrastructure, so we couldn't see what you're doing even if we wanted to. Plus, we secure it even further:
We take your personal security as seriously as your connection security.
Block traffic outside your team
Parsec for Teams locks down the people and computers in your organization, giving you total control over who connects to who.Control your organization's connections
Parsec for Teams administrators have access to a robust admin panel where they can create hierarchical roles, manage groups, and get total visibility over Parsec usage.Yes, Parsec undergoes regular penetration and vulnerability testing.
Yes, Parsec performs IP verification on suspected re-use. For more info check out our support article
Parsec traffic is encrypted end-to-end using DTLS 1.2 with AES128 encryption. Additionally, all web traffic used for authentication and API communication is encrypted using TLS. Once a connection has been established between client and host, all data is transferred directly peer-to-peer, or optionally through a self-hosted relay server.
Yes, Parsec peer-to-peer sessions are encrypted using DTLS 1.2 with AES128 encryption.
If you would like to report a vulnerability or have a security concern, please email security@parsec.app
Yes but you may see a performance degradation when using Parsec over a VPN. We recommend upgrading to an enterprise plan to take advantage of our high-performance relay server, which allows Teams to route all traffic through an on-premises server.
Yes, the Parsec High-Performance Relay is specifically designed to meet the needs of security minded organizations that leverage DMZs. Learn more
Unfortunately no, Parsec requires internet access for authentication and API communication. Communication with our APIs may be proxied, and remote connections may be relayed through an on-premises High-Performance Relay.
A host session token from a team-managed machine could, if stolen, be impersonated, but only to act as host. In other words, someone could make their own computer available, but they wouldn't be able to connect to team computers themselves.
During an active Guest Access session, a Guest Access Manager can kick any connected Guests from the session. Additionally, authorized Team Members may connect to the Guest Session to observe or take control.
Yes. Once provisioned, a Team Computer can be assigned to either a single team member or predefined groups of members who share common hardware needs or connection habits. Once assigned, a Team Computer can only be accessed by team members with permission to do so.
No one can join a Parsec team without receiving an explicit invitation to do so. Additionally, anyone invited to your Parsec team is only able to connect to the computers and hardware that has been explicitly assigned or made available to them. You can choose to invite people from outside your organization using our Guest Access feature, at an additional cost per invite.
Parsec for Teams includes three different levels of admins: Super Admins, Admins, and Guest Access Managers. Super Admins can access every facet of the admin panel, including billing, overall account settings, and crucial security settings. Admins are able to add and remove team members, manage groups, and assign groups and members to Team Computers. Guest Access Managers can invite guests to use computers provisioned for Guest Access. Parsec for Enterprise plans include the ability to make your own roles using Role Based Access Controls (RBAC). Super Admins can create as many custom roles as needed.
Team Computers can be assigned to both individuals and groups of users directly from the Parsec for Teams admin panel. Any online computer that’s been assigned to a team member will be visible directly from their Parsec application.
Parsec for Teams includes support for a variety of SSO services through SAML 2.0. Once integrated, Parsec for Teams admins can enforce all team members to only access Parsec after logging in through SSO. You can learn more about setting up SSO for your team here
Yes: Parsec accounts can individually activate 2FA directly through their Parsec settings. A 2FA requirement may also be enforced on the team. If SSO has been activated, Parsec will no longer check for 2FA and rely on the configured identity provider (Okta, Azure AD, Google SSO, etc).
Visit our help center and get recommended Settings for Playtesting, Build Reviews, and QA
Security Basics
Recommended Settings for Playtesting, Build Reviews, and QASecurity Basics
Parsec for Teams Admin RolesSecurity Basics
IP Verification for TeamsAdvanced Settings
Using Advanced Settings In The Command LineAdvanced Settings
The Parsec Relay ServerNetwork Settings
Firewall Rule To Block Non-Teams Accounts From Hosting