Data lifecycle
BigBlueButton recordings and privacy
The red recording indicator is only the visible part of the lifecycle. Responsible operation begins with what the server captures, continues through processing and publication, and ends only after verified deletion.
Executive brief
What matters
- 01
A recordable meeting may capture underlying media and events beyond the segments users see marked for publication.
- 02
Publication status is not the same as access control, and deletion must cover every retained copy.
- 03
Document purpose, notice, access, retention, legal basis and incident response before recording classes.
01
Understand capture and processing
BigBlueButton records events and media, then processes them into playback formats after a meeting. Official privacy guidance warns that when a meeting is created with recording enabled, the underlying session data may be captured even if a moderator marks only portions as recorded. That distinction should appear in user notices and administrator training.
02
Control publication and access
The BigBlueButton API can list, publish, unpublish, update and delete recordings. A frontend such as Moodle or Greenlight determines how users discover them. “Unpublished” generally controls visibility through that workflow; it should not be treated as encryption or proof that no operator can access stored files. Apply least privilege to API secrets, storage and administrative accounts.
03
Set retention by data class
Separate published playback, unpublished processed output, raw capture, backups and application metadata. Each can have a different technical cleanup path. Use configuration overrides that survive upgrades, monitor disk consumption and test deletion against backups and external storage. Legal holds need an explicit exception process.
04
Make consent and rights operational
Give notice before entry and again when recording starts where required. Provide a channel for access, correction or deletion requests under applicable law. Restrict downloads when the policy requires it, but be honest that authorised viewers may still capture content externally. Privacy is a governance system, not a single toggle.
Evidence base
Sources and further reading
We prefer project documentation and first-party product guidance. Community links are included where they reveal recurring operational questions rather than establish product guarantees.
- BigBlueButton privacy documentation docs.bigbluebutton.org ↗ (opens in a new tab)
- BigBlueButton recording architecture docs.bigbluebutton.org ↗ (opens in a new tab)
- BigBlueButton API recording methods docs.bigbluebutton.org ↗ (opens in a new tab)
- BigBlueButton customisation and retention settings docs.bigbluebutton.org ↗ (opens in a new tab)
Practical answers
Questions teams ask
Does pausing a BigBlueButton recording stop all server capture?+
Do not assume that it does. Official privacy documentation explains that recordable meetings may capture underlying media and events for later processing. Validate the exact version and configuration.
Does deleting a recording remove every copy?+
Only if your deletion procedure also addresses raw data, backups, exports, shared storage and any LMS or CDN copies. Test and document the result.
Can recordings be private?+
They can be access-controlled through the surrounding application and infrastructure, but the operator must configure authentication, authorisation, storage permissions and retention correctly.
Continue the research
Related guides and infrastructure
Upgrade, backup and disaster recovery for BigBlueButton
Build a BigBlueButton runbook for upgrades, configuration, recordings, Greenlight data, restore tests and service recovery.
Read next → InfrastructureRecording storage sized around hours, not guesswork
Plan BigBlueButton recording storage separately from compute. Compare local NVMe, external storage tiers, retention and backup considerations.
Read next → Public sectorHow to host remote hearings
An operational playbook for secure remote hearings: roles, witness handling, evidence, recording, accessibility and failure plans.
Read next →